Bug 452390 - PATH and EXECVE audit records contain bogus newlines
PATH and EXECVE audit records contain bogus newlines
Product: Red Hat Enterprise Linux 4
Classification: Red Hat
Component: kernel (Show other bugs)
x86_64 Linux
high Severity high
: rc
: ---
Assigned To: Jiri Pirko
Martin Jenner
Depends On:
Blocks: 461297 479412
  Show dependency treegraph
Reported: 2008-06-21 18:15 EDT by Matthew Booth
Modified: 2015-05-04 21:15 EDT (History)
3 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
: 479412 (view as bug list)
Last Closed: 2009-05-18 15:19:51 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)
Patch to remove bogus newlines in PATH and EXECVE records (895 bytes, patch)
2008-06-21 18:15 EDT, Matthew Booth
no flags Details | Diff

  None (edit)
Description Matthew Booth 2008-06-21 18:15:46 EDT
Description of problem:
PATH records, as output by the kernel, contain a newline after the flags fields,
which is in the middle of the record.

EXECVE records contain a newline after every argument.

auditd seems to hide this, but they're there nevertheless. If you're not using
auditd, you need to work round them.

I've attached a patch which I think would fix them. However, I'm not able to
test the patch *at all* right now (even for compilation).

Version-Release number of selected component (if applicable):
Comment 1 Matthew Booth 2008-06-21 18:15:46 EDT
Created attachment 309983 [details]
Patch to remove bogus newlines in PATH and EXECVE records
Comment 2 RHEL Product and Program Management 2008-09-03 09:02:36 EDT
Updating PM score.
Comment 3 Vivek Goyal 2009-01-14 09:23:05 EST
Committed in 78.28.EL . RPMS are available at http://people.redhat.com/vgoyal/rhel4/
Comment 7 errata-xmlrpc 2009-05-18 15:19:51 EDT
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on therefore solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.


Note You need to log in before you can comment on or make changes to this bug.