Argument check not preventing additional arguments
McModknower opened this issue · comments
McModknower commented
The argument check during the rule checking at
Line 131 in 61670f4
inarray
with the arguments in the rule as the second parameter. Since inarray
has the outer loop over the second list, it will check that all the elements in the second list are also in the first list, aka that all arguments in the rule are also in the command.
This does not prevent extra arguments that might compromise security, like adding -F /etc/shadow
to exas -u root dmesg
.