From: Marc Stern <marc.stern@ap...> - 2011-10-17 09:02:57
In case you output MATCHED_VAR in the audit log message, it could be
used by an attacker to screw up the logs (imagine he sets a 4 MB arg).
You have the same for all other variables.
I currently see no way to limit the length of this variable (except by
writing a special rule to extract the first x characters, but this is
not generic). It would be useful to be able to limit the length of the
macro expansion in the message, no?
Get latest updates about Open Source Projects, Conferences and News.