From: Yu Zhiguo <yuzg@cn.fujitsu.com>
To: Steve Grubb <sgrubb@redhat.com>
Cc: audit-list <linux-audit@redhat.com>
Subject: [PATCH] make it match explicitly when use option '-a', '-A' and '-d' to specify "list,action"
Date: Fri, 18 Jul 2008 14:54:52 +0800
Message-ID: <48803E3C.4060209@cn.fujitsu.com>

Hello Steve,

I know "list" and "action" can be changed; this is convenient.
But wildcard matching may confuse users. For example, "auditctl -a noentry,noalways"
will add the same rule as "auditctl -a entry,always".
Furthermore, a comma must be used to separate list and action according to the manpage:
"Please note the comma separating the two values. Omitting it will cause errors."
But now, "auditctl -a entryalways" will add the same rule.
So we'd better make it match explicitly. This is a patch for the latest audit-1.7.4.

Signed-off-by: Yu Zhiguo <yuzg@cn.fujitsu.com>
---
src/auditctl.c | 25 ++++++++++++++++---------
1 files changed, 16 insertions(+), 9 deletions(-)
diff --git a/src/auditctl.c b/src/auditctl.c
index 2c136ea..1aba437 100644
--- a/src/auditctl.c
+++ b/src/auditctl.c
@@ -168,27 +168,34 @@ static void usage(void)
/* Returns 0 ok, 1 deprecated action, 2 error */
static int audit_rule_setup(const char *opt, int *flags, int *act)
{
- if (strstr(opt, "task"))
+ char *p;
+ if ((strchr(opt, ',') != strrchr(opt, ',')) || !strchr(opt, ','))
+ return 2;
+
+ p = strchr(opt, ',');
+ if (!strncmp(opt, "task,", p - opt + 1) || !strcmp(p, ",task"))
*flags = AUDIT_FILTER_TASK;
- else if (strstr(opt, "entry"))
+ else if (!strncmp(opt, "entry,", p - opt + 1) || !strcmp(p, ",entry"))
*flags = AUDIT_FILTER_ENTRY;
- else if (strstr(opt, "exit"))
+ else if (!strncmp(opt, "exit,", p - opt + 1) || !strcmp(p, ",exit"))
*flags = AUDIT_FILTER_EXIT;
- else if (strstr(opt, "user"))
+ else if (!strncmp(opt, "user,", p - opt + 1) || !strcmp(p, ",user"))
*flags = AUDIT_FILTER_USER;
- else if (strstr(opt, "exclude")) {
+ else if (!strncmp(opt, "exclude,", p - opt + 1) || !strcmp(p, ",exclude")) {
*flags = AUDIT_FILTER_EXCLUDE;
exclude = 1;
} else
return 2;
- if (strstr(opt, "never"))
+
+ if (!strncmp(opt, "always,", p - opt + 1) || !strcmp(p, ",always"))
+ *act = AUDIT_ALWAYS;
+ else if (!strncmp(opt, "never,", p - opt + 1) || !strcmp(p, ",never"))
*act = AUDIT_NEVER;
- else if (strstr(opt, "possible"))
+ else if (!strncmp(opt, "possible,", p - opt + 1) || !strcmp(p, ",possible"))
return 1;
- else if (strstr(opt, "always"))
- *act = AUDIT_ALWAYS;
else
return 2;
+
return 0;
}
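
Review bot: The new comma check at the top of audit_rule_setup() evaluates strchr(opt, ',') three times and then stores the result in a non-const "char *p" although opt is "const char *". Declaring "const char *p = strchr(opt, ',');" and rejecting with "if (!p || strchr(p + 1, ','))" covers both the missing-comma and the multiple-comma case in one pass and keeps the const qualifier. Separately, the list chain still writes *flags and sets "exclude = 1" before the action half has been validated, so an input such as "exclude,bogus" returns 2 with exclude already set. Parsing both halves into locals and assigning *flags, *act and exclude only on the success path would keep a rejected option from leaving partial state behind. The ten near-identical strncmp()/strcmp() pairs would also read better as a split at p followed by a lookup of each half in a small name-to-constant table, and a short comment stating that both "list,action" and "action,list" orders are accepted would document why each keyword is tested on both sides of the comma.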