On Fri, 21 Apr 2006 09:20:10 EDT, Steve Grubb said:
> To give some background...we have this open bugzilla:
> https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=168285
>
> It was agreed last summer that this would be useful for people. It has nothing
> to do with CAPP certification, so it was put on the back burner. No one had
> the time to complete it until now. What the patch does is collect the string
> arguments to execve and logs them as an auxiliary record. It was also put
> onto linux-audit mail list as a proposal, item #1 here:
>
> https://www.redhat.com/archives/linux-audit/2005-September/msg00061.html

Does this allow an attacker to DoS the audit log by creating a fork/exec loop intentionally invoking a totally duff binary, but that includes a very long argument? Maybe a "first 32/64 bytes of each argument" limit is needed? Or is there one there and I missed it?
--
Linux-audit mailing list
[email protected]
https://www.redhat.com/mailman/listinfo/linux-audit
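The per-argument limit raised in the reply above, sketched as an added user-space example; it is not code from the patch under discussion or from the audit subsystem. The names `ARG_CAP`, `RECORD_CAP`, `append_arg` and `format_execve_record`, and the `a<N>="..."` field layout, are assumptions made for illustration.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

#define ARG_CAP 32      /* assumed per-argument limit (the "32/64 bytes" idea) */
#define RECORD_CAP 256  /* assumed total size of one auxiliary record */

/* Append arg as a<i>="..." to rec, copying at most ARG_CAP bytes of it.
 * Returns bytes appended, or 0 if the field does not fit in the record. */
static size_t append_arg(char *rec, size_t used, int i, const char *arg)
{
    char field[ARG_CAP + 32];
    size_t len = 0, n, k;

    while (len <= ARG_CAP && arg[len])   /* never walk a huge argument */
        len++;
    n = (size_t)snprintf(field, sizeof(field), "%sa%d=\"", used ? " " : "", i);
    for (k = 0; k < len && k < ARG_CAP; k++) {
        unsigned char c = (unsigned char)arg[k];
        /* Keep the record single-line and the quoting unambiguous. */
        field[n++] = (isprint(c) && c != '"') ? (char)c : '?';
    }
    n += (size_t)snprintf(field + n, sizeof(field) - n, "\"%s",
                          len > ARG_CAP ? "..." : "");
    if (used + n >= RECORD_CAP)
        return 0;
    memcpy(rec + used, field, n + 1);
    return n;
}

/* Build one bounded record; returns how many arguments were recorded. */
int format_execve_record(char rec[RECORD_CAP], int argc, const char *const argv[])
{
    size_t used = 0, n;
    int i;

    rec[0] = '\0';
    for (i = 0; i < argc; i++) {
        n = append_arg(rec, used, i, argv[i]);
        if (n == 0)
            break;                       /* record full: drop the rest */
        used += n;
    }
    return i;
}

int main(void)
{   /* constructed sample arguments */
    const char *const sample[] = {"/bin/true",
        "--pad=AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"};
    char rec[RECORD_CAP];
    printf("%d args: %s\n", format_execve_record(rec, 2, sample), rec);
    return 0;
}
```

With both caps in place, the bytes written per exec are bounded by `RECORD_CAP` regardless of argument length; the rate of records from a fork/exec loop is a separate problem that truncation does not address.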
