From mboxrd@z Thu Jan 1 00:00:00 1970
From: Miloslav Trmac
Subject: Re: pam_tty_audit icanon log switch
Date: Fri, 22 Mar 2013 12:05:49 -0400 (EDT)
Message-ID: <1636830853.13318430.1363968349160.JavaMail.root@redhat.com>
References: <20130322054636.GA18911@madcap2.tricolour.ca>
In-Reply-To: <20130322054636.GA18911@madcap2.tricolour.ca>
Sender: linux-audit-bounces@redhat.com
To: Richard Guy Briggs
Cc: Linux-Audit Mailing List
List-Id: linux-audit@redhat.com

----- Original Message -----
> Most commands are entered one line at a time and processed as complete
> lines in non-canonical mode. Commands that interactively require a
> password, enter canonical mode to do this. This feature (icanon) can be
> used to avoid logging passwords by audit while still logging the rest of
> the command.

There was an earlier discussion about the correctness of using ICANON for this. Is ICANON really the right variable?

AFAICT the settings are used like this:

(cat) and other programs that just take standard input: ICANON && ECHO
(bash), (vi) and other interactive programs: !ICANON && !ECHO
password prompts: ICANON && !ECHO

and we want to exclude only password prompts.

Mirk
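The comparison raised in the reply above, as an added example (not part of the original message and not kernel or pam_tty_audit code): it applies an ICANON-only skip rule and an `ICANON && !ECHO` skip rule to the three rows of the reply's table. The struct, function names and sample events are constructed for illustration.

```c
#include <stdio.h>
#include <stddef.h>
#include <termios.h>

/* One chunk of tty input plus the c_lflag in effect when it was typed. */
struct tty_event {
    const char *source;  /* label for the report only (hypothetical) */
    tcflag_t lflag;
};

/* Constructed sample events; flag combinations follow the reply's table. */
static const struct tty_event sample_events[] = {
    { "cat reading stdin", ICANON | ECHO },
    { "bash command line", 0 },
    { "vi keystrokes",     0 },
    { "password prompt",   ICANON },
};
#define N_EVENTS (sizeof sample_events / sizeof sample_events[0])

/* Policy A: skip logging whenever ICANON is set (the single-flag test). */
static int skip_icanon_only(tcflag_t lflag)
{
    return (lflag & ICANON) != 0;
}

/* Policy B: skip only ICANON && !ECHO, the password-prompt row. */
static int skip_icanon_noecho(tcflag_t lflag)
{
    return (lflag & ICANON) && !(lflag & ECHO);
}

/* Count the sample events a policy would still log. */
static size_t count_logged(int (*skip)(tcflag_t), int verbose)
{
    size_t logged = 0;
    for (size_t i = 0; i < N_EVENTS; i++) {
        int skipped = skip(sample_events[i].lflag);
        if (verbose)
            printf("  %-18s %s\n", sample_events[i].source,
                   skipped ? "skipped" : "logged");
        logged += !skipped;
    }
    return logged;
}

int main(void)
{
    puts("ICANON only:");
    count_logged(skip_icanon_only, 1);
    puts("ICANON && !ECHO:");
    count_logged(skip_icanon_noecho, 1);
    return 0;
}
```

With the single-flag rule the `cat` row is dropped from the audit trail along with the password prompt; the two-flag rule drops only the prompt.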