Bug 452390 - PATH and EXECVE audit records contain bogus newlines
Status: CLOSED ERRATA
Product: Red Hat Enterprise Linux 4
Classification: Red Hat
Component: kernel
Version: 4.6
Hardware: x86_64 Linux
Priority: high
Severity: high
Target Milestone: rc
Assigned To: Jiri Pirko
QA Contact: Martin Jenner
Blocks: 461297 479412
Reported: 2008-06-21 18:15 EDT by Matthew Booth
Modified: 2015-05-04 21:15 EDT
Doc Type: Bug Fix
: 479412
Last Closed: 2009-05-18 15:19:51 EDT

Attachments
Patch to remove bogus newlines in PATH and EXECVE records (895 bytes, patch)
2008-06-21 18:15 EDT, Matthew Booth
Description Matthew Booth 2008-06-21 18:15:46 EDT
Description of problem:
PATH records, as output by the kernel, contain a newline after the flags fields,
which is in the middle of the record.

EXECVE records contain a newline after every argument.

auditd seems to hide this, but they're there nevertheless. If you're not using
auditd, you need to work round them.

I've attached a patch which I think would fix them. However, I'm not able to
test the patch *at all* right now (even for compilation).

Version-Release number of selected component (if applicable):
kernel-2.6.9-67.0.15.EL
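
The kind of workaround the description refers to, for a consumer that reads kernel audit output without auditd, as an added example (not part of the bug report or the attached patch): any line that lacks an audit stamp is folded back into the preceding record. The record-start pattern, the `reassemble` helper and the sample lines are constructed assumptions.

```python
import re

# Assumption: every genuine record starts with the kernel's
# "audit(<epoch>.<ms>:<serial>):" stamp, optionally preceded by "type=<X> ".
RECORD_START = re.compile(r'^(?:type=\S+\s+)?(?:msg=)?audit\(\d+\.\d+:\d+\):')

def reassemble(lines):
    """Yield one logical record per audit stamp, folding stray line breaks."""
    current = None
    for raw in lines:
        line = raw.rstrip("\r\n")
        if not line.strip():
            continue                      # blank line left behind by a trailing "\n"
        if RECORD_START.match(line):
            if current is not None:
                yield current             # previous record is complete
            current = line
        elif current is not None:
            # Continuation: the tail of a PATH record or the next EXECVE argument.
            current += " " + line.strip()
        else:
            # Fragment seen before any stamp: surface it instead of dropping it.
            yield "orphan-fragment: " + line.strip()
    if current is not None:
        yield current

# Constructed sample: a PATH record split after flags=, an EXECVE record with
# one argument per line, then an intact record.
SAMPLE = (
    'audit(1214086546.123:45): item=0 name="/bin/ls" flags=1\n'
    ' inode=12345 dev=08:01 mode=0100755\n'
    'audit(1214086546.123:45): a0="ls"\n'
    'a1="-l"\n'
    'a2="/tmp"\n'
    'audit(1214086546.124:46): syscall=59 exit=0\n'
)

if __name__ == "__main__":
    for record in reassemble(SAMPLE.splitlines(True)):
        print(record)
```

Orphan fragments are emitted rather than discarded so that a truncated capture stays visible to whoever reviews the log.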
Comment 1 Matthew Booth 2008-06-21 18:15:46 EDT
Created attachment 309983
Patch to remove bogus newlines in PATH and EXECVE records
Comment 2 RHEL Product and Program Management 2008-09-03 09:02:36 EDT
Updating PM score.
Comment 3 Vivek Goyal 2009-01-14 09:23:05 EST
Committed in 78.28.EL. RPMS are available at http://people.redhat.com/vgoyal/rhel4/
Comment 7 errata-xmlrpc 2009-05-18 15:19:51 EDT
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on the solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.

http://rhn.redhat.com/errata/RHSA-2009-1024.html
