452390 – PATH and EXECVE audit records contain bogus newlines

Bug 452390 - PATH and EXECVE audit records contain bogus newlines

Summary: PATH and EXECVE audit records contain bogus newlines

Keywords:
Status:	CLOSED ERRATA
Alias:	None
Product:	Red Hat Enterprise Linux 4
Classification:	Red Hat
Component:	kernel
Sub Component:
Version:	4.6
Hardware:	x86_64
OS:	Linux
Priority:	high
Severity:	high
Target Milestone:	rc
Target Release:	---
Assignee:	Jiri Pirko
QA Contact:	Martin Jenner
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:	461297 479412
TreeView+	depends on / blocked

Reported:	2008-06-21 22:15 UTC by Matthew Booth
Modified:	2015-05-05 01:15 UTC (History)
CC List:	3 users (show)
Fixed In Version:
Doc Type:	Bug Fix
Doc Text:
Clone Of:
Clones:	479412 (view as bug list)
Environment:
Last Closed:	2009-05-18 19:19:51 UTC
Target Upstream Version:
Embargoed:

Attachments	(Terms of Use)
Patch to remove bogus newlines in PATH and EXECVE records (895 bytes, patch) 2008-06-21 22:15 UTC, Matthew Booth	no flags	Details \| Diff
View All

Links
System	ID	Private	Priority	Status	Summary	Last Updated
Red Hat Product Errata	RHSA-2009:1024	0	normal	SHIPPED_LIVE	Important: Red Hat Enterprise Linux 4.8 kernel security and bug fix update	2009-05-18 14:57:26 UTC

Description Matthew Booth 2008-06-21 22:15:46 UTC

Description of problem:
PATH records, as output by the kernel, contain a newline after the flags fields,
which is in the middle of the record.

EXECVE records contain a newline after every argument.

auditd seems to hide this, but they're there nevertheless. If you're not using
auditd, you need to work round them.

I've attached a patch which I think would fix them. However, I'm not able to
test the patch *at all* right now (even for compilation).

Version-Release number of selected component (if applicable):
kernel-2.6.9-67.0.15.EL

Comment 1 Matthew Booth 2008-06-21 22:15:46 UTC

Created attachment 309983 [details]
Patch to remove bogus newlines in PATH and EXECVE records

Comment 2 RHEL Program Management 2008-09-03 13:02:36 UTC

Updating PM score.

Comment 3 Vivek Goyal 2009-01-14 14:23:05 UTC

Committed in 78.28.EL . RPMS are available at http://people.redhat.com/vgoyal/rhel4/

Comment 7 errata-xmlrpc 2009-05-18 19:19:51 UTC

An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on therefore solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.

http://rhn.redhat.com/errata/RHSA-2009-1024.html

Note You need to log in before you can comment on or make changes to this bug.