* Expanding PATH records to be absolute paths
@ 2007-09-12 18:14 Matthew Booth
2007-09-12 18:34 ` Steve Grubb
0 siblings, 1 reply; 2+ messages in thread
From: Matthew Booth @ 2007-09-12 18:14 UTC (permalink / raw)
To: linux-audit
[-- Attachment #1.1: Type: text/plain, Size: 1439 bytes --]
As I mentioned in my austream email, I need to be able to rewrite
outgoing PATH records to have absolute paths. I can obviously do this
from scratch, and if there's no better way then this is what I will do.
However, I'm aware that work has gone on in the userspace message
parsing area, and I'd like to avoid reinventing the wheel. I have a few
constraints, though:
* Must work on libraries shipped with RHEL 4.5
If necessary, I will import bits of code from later versions into
austream, however I'm not prepared to require updating from the shipped
audit-libs. If I need to do this, how can I minimise maintenance pain?
Maybe separate parsing libraries into a separate package and depend on
it?
* Must work on a stream
I don't write anything to disk. It must work on messages as read from
the audit netlink socket.
* It must be fast
I need to remain sure that I can put the tool into a performance
critical environment with confidence that I won't kill it.
If I were going to do this from scratch, I'd cache CWD records and
rewrite PATH records on the way through. I don't believe any other
record requires this. AVC paths are already absolute, and I don't think
there are any other paths. Is this right?
Thanks,
Matt
--
Matthew Booth, RHCA, RHCSS
Red Hat, Global Professional Services
M: +44 (0)7977 267231
GPG ID: D33C3490
GPG FPR: 3733 612D 2D05 5458 8A8A 1600 3441 EA19 D33C 3490
[-- Attachment #1.2: This is a digitally signed message part --]
[-- Type: application/pgp-signature, Size: 189 bytes --]
[-- Attachment #2: Type: text/plain, Size: 0 bytes --]
^ permalink raw reply [flat|nested] 2+ messages in thread
* Re: Expanding PATH records to be absolute paths
2007-09-12 18:14 Expanding PATH records to be absolute paths Matthew Booth
@ 2007-09-12 18:34 ` Steve Grubb
0 siblings, 0 replies; 2+ messages in thread
From: Steve Grubb @ 2007-09-12 18:34 UTC (permalink / raw)
To: linux-audit
On Wednesday 12 September 2007 14:14:58 Matthew Booth wrote:
> If I were going to do this from scratch, I'd cache CWD records and
> rewrite PATH records on the way through. I don't believe any other
> record requires this. AVC paths are already absolute, and I don't think
> there are any other paths. Is this right?
seems like its something like:
char *tpath, *actual;
asprintf(&tpath, "%s/%s", cwd, path);
actual = realpath(tpath, NULL);
if (actual) {
// whatever you want to do with the canonicalized absolute pathname.
free(actual);
}
free(tpath);
HTH,
-Steve
^ permalink raw reply [flat|nested] 2+ messages in thread
end of thread, other threads:[~2007-09-12 18:34 UTC | newest]
Thread overview: 2+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2007-09-12 18:14 Expanding PATH records to be absolute paths Matthew Booth
2007-09-12 18:34 ` Steve Grubb
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox