Eric Paris wrote:
it needs to stay an untrusted string, but its name, well yeah, that doesn't tell us a whole lot, does it?
It's the untrusted string code which is the primary culprit. If we fixed audit so that *all* strings written by audit are formatted by exactly one string formatting routine and that routine is sane then 99.99% of the problems would go away. That was the thrust of my original email and what I was most concerned about. Perhaps unfortunately the email included some optional suggestions which is what some folks latched onto obscuring the real issue.
-- John Dennis <[EMAIL PROTECTED]> -- Linux-audit mailing list [email protected] https://www.redhat.com/mailman/listinfo/linux-audit
