Tomas Mraz wrote:
1. Messages contain <name>=<value> pairs separated by spaces.
2. All <names> are just alphanumeric sequences.
3. Values can be either:
a) byte sequences with the following special characters encoded as %XX
where XX is hexadecimal value of the encoded byte. Special characters
are: bytes with value <= 0x20 or >= 0x7F, '%', '(', ')', and '='.
b) recursively embedded messages enclosed in '(' and ')' parentheses.
I think if a value is a string then the fact it is a string should be
explicit and the boundaries of the string should be delimited.
The simplest way to achieve this is by enclosing string values in double
quotes and assuring any double quote contained in the string is escaped.
If a value is not enclosed in double quotes it is not a string and is
not subject to unescaping (decoding).
--
John Dennis <[EMAIL PROTECTED]>
--
Linux-audit mailing list
[email protected]
https://www.redhat.com/mailman/listinfo/linux-audit
