[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Bug-readline] Re: [PATCH] Add support for Linux TTY input auditing

From: Miloslav Trmac
Subject: Re: [Bug-readline] Re: [PATCH] Add support for Linux TTY input auditing
Date: Tue, 8 Feb 2011 11:31:59 -0500 (EST)

----- Original Message -----
> On 1/18/11 7:03 AM, Miroslav Lichvar wrote:
> > Hi,
> >
> > was this patch considered for inclusion? Are there any issues that
> > needs to be worked on?
> Readline is the wrong place for this function. If you're worried about
> what a system administrator does and what commands he runs, the right
> place to add this is in bash.

This was originally intended to be applied primarily to bash, but there are 
many other relevant uses of readline.

For example, python(1) uses readline.  Recording that the system administrator 
started "python" does not contain much relevant information - was the python 
input "1+2" or "import os; os.system('rm -rf /var/log')"?

Linux supports recording all administrator's keystrokes, and these can be used 
to trace the activity globally - but a keystroke is not the ideal amount of 
information, and may still be insufficient e.g. when the readline-maintained 
history is used ("What happened when the use typed C-o C-o C-o?").  The 
AUDIT_USER_TTY records created by readline would record the information both 1) 
in the ideal resolution (one application input at a time), and 2) in the ideal 
detail (exactly what input was processed by the application).

reply via email to

[Prev in Thread] Current Thread [Next in Thread]