Bug 147704
| Summary: | laus incorrectly truncates path string when predicate filter is used | ||||||||
|---|---|---|---|---|---|---|---|---|---|
| Product: | Red Hat Enterprise Linux 3 | Reporter: | Neil Horman <nhorman> | ||||||
| Component: | kernel | Assignee: | Neil Horman <nhorman> | ||||||
| Status: | CLOSED ERRATA | QA Contact: | Brian Brock <bbrock> | ||||||
| Severity: | medium | Docs Contact: | |||||||
| Priority: | medium | ||||||||
| Version: | 3.0 | CC: | peterm, petrides, riel, tao | ||||||
| Target Milestone: | --- | ||||||||
| Target Release: | --- | ||||||||
| Hardware: | All | ||||||||
| OS: | Linux | ||||||||
| Whiteboard: | |||||||||
| Fixed In Version: | Doc Type: | Bug Fix | |||||||
| Doc Text: | Story Points: | --- | |||||||
| Clone Of: | Environment: | ||||||||
| Last Closed: | 2005-05-18 13:29:17 UTC | Type: | --- | ||||||
| Regression: | --- | Mount Type: | --- | ||||||
| Documentation: | --- | CRM: | |||||||
| Verified Versions: | Category: | --- | |||||||
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |||||||
| Cloudforms Team: | --- | Target Upstream Version: | |||||||
| Embargoed: | |||||||||
| Attachments: |
|
||||||||
Created attachment 110928 [details]
patch to fix substring comparisons based on prefix length for predicate path filters
This patch changes the strcmp call in audit_fileset_match to strncmp limiting
the length of the comparison to the length of the prefix used in the predicate
filter. This causes substring matches to succede, instead of incorrectly
failing if the strings being compared are of unequal length. An incorrectly
failed match results in the function being sent down a different code path
which results in the log string getting truncated to the length of the
predicate string, hence the display of only hte predicate in the log.
A fix for this problem has just been committed to the RHEL3 U5 patch pool this evening (in kernel version 2.4.21-27.14.EL). Created attachment 111126 [details]
final version of the laus patch that was checked inot the kernel
An advisory has been issued which should help the problem described in this bug report. This report is therefore being closed with a resolution of ERRATA. For more information on the solution and/or where to find the updated files, please follow the link below. You may reopen this bug report if the solution does not work for you. http://rhn.redhat.com/errata/RHSA-2005-294.html |
Description of problem: when using the predicate filter on laus, the filter application code sometimes fails to match the fliter substring to a path because string lengths can be different. Version-Release number of selected component (if applicable): all How reproducible: always Steps to Reproduce: 1.Set up a filter file which includes a predicate directive to filter paths which are in a given subdirectory prefix, I used: predicate is-etc = prefix(/etc); 2.Configure the filter file to watch a syscall which passes a path variable. I used the following construct: set file-ops = { "link", "unlink", }; syscall @file-ops = is-etc(arg0); 3. touch /etc/testfile.txt 4. run the following command: aurun unlink /etc/testfile.txt Actual results: running aucat produces: root unlink("/etc"); result=0 Expected results: running aucat should produce: root unlink("/etc/testfile.txt"); result=0 Additional info: