On Thu, Jul 14, 2016 at 4:18 PM, William Roberts <bill.c.robe...@gmail.com>
wrote:

>
>
> On Thu, Jul 14, 2016 at 3:17 PM, Paul Moore <p...@paul-moore.com> wrote:
>
>> On Thu, Jul 14, 2016 at 3:29 PM,  <william.c.robe...@intel.com> wrote:
>> > From: William Roberts <william.c.robe...@intel.com>
>> >
>> > ioctlcmd is currently printing hex numbers, but there is no leading
>> > 0x. Thus things like ioctlcmd=1234 are misleading, as the base is
>> > not evident.
>> >
>> > Correct this by adding 0x as a prefix, so ioctlcmd=1234 becomes
>> ioctlcmd=0x1234.
>> >
>> > Signed-off-by: William Roberts <william.c.robe...@intel.com>
>> > ---
>> >  security/lsm_audit.c | 2 +-
>> >  1 file changed, 1 insertion(+), 1 deletion(-)
>>
>> NOTE: adding Steve Grubb and the audit mailing list to the CC line
>>
>> Like it or not, I believe the general standard/convention when it
>> comes to things like this is to leave off the "0x" prefix; the idea
>> being that it saves precious space in the audit logs and the value is
>> only ever going to be in hex anyway.
>>
>
> Is it always in hex, what about pid?
>

Outside of escaped untrusted input, everything I see is printed in base10.
But if it's convention that "you should just know", I am fine
with that too, it's just that it wasn't self-evident in the logs, and the
first time I encountered it there was no documentation or tooling
supporting it.


>
>>
>> > diff --git a/security/lsm_audit.c b/security/lsm_audit.c
>> > index cccbf30..82e4dbb 100644
>> > --- a/security/lsm_audit.c
>> > +++ b/security/lsm_audit.c
>> > @@ -257,7 +257,7 @@ static void dump_common_audit_data(struct
>> audit_buffer *ab,
>> >                         audit_log_format(ab, " ino=%lu", inode->i_ino);
>> >                 }
>> >
>> > -               audit_log_format(ab, " ioctlcmd=%hx", a->u.op->cmd);
>> > +               audit_log_format(ab, " ioctlcmd=0x%hx", a->u.op->cmd);
>> >                 break;
>> >         }
>> >         case LSM_AUDIT_DATA_DENTRY: {
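Review bot: The new " ioctlcmd=0x%hx" format string changes the value syntax of an existing audit field, and the commit message does not say whether any consumer of these records was checked against the new form. A parser that already treats ioctlcmd= as bare hex may reject or misread a value that now starts with 0x, so the message should name the tools that were tested, or the base should be documented for the field instead of changing its output. The context line " ino=%lu" just above prints decimal with no marker, so the record does mix bases as the commit message says; that supports documenting each field's base as much as it supports adding a prefix to this one.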
>> > --
>> > 1.9.1
>> >
>> > _______________________________________________
>> > Selinux mailing list
>> > seli...@tycho.nsa.gov
>> > To unsubscribe, send email to selinux-le...@tycho.nsa.gov.
>> > To get help, send an email containing "help" to
>> selinux-requ...@tycho.nsa.gov.
>>
>> --
>> paul moore
>> www.paul-moore.com
>>
>
>
>
> --
> Respectfully,
>
> William C Roberts
>
>


-- 
Respectfully,

William C Roberts
_______________________________________________
Seandroid-list mailing list
Seandroid-list@tycho.nsa.gov
To unsubscribe, send email to seandroid-list-le...@tycho.nsa.gov.
To get help, send an email containing "help" to 
seandroid-list-requ...@tycho.nsa.gov.
