[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Bug#565515: ITP: sudosh3 -- Complete logging for sudo

On Sat, Jan 16, 2010 at 04:00:56PM +0100, Sylvestre Ledru wrote:
> * Package name    : sudosh3
>   Version         : 3.2.0
>   Upstream Author : Giulio Capitanio    <giulio.capitanio@gmail.com>
> * URL             : http://sourceforge.net/projects/sudosh3/
>   Description     : Complete logging for sudo
>  sudosh allows complete session logging of shells run under sudo.
>  Individual sudo commands are still logged as normal but running a shell
>  under sudosh records the entire session as well as session timings for
>  complete playback later.

Uhm, it appears to be an one-trick pony which tries to replicate what ttyrec
does, except that it's usage is sharply limited, it spits out several files
instead of one, and the code quality is terrible.  Just one example:

In replay.c, it does sscanf("... %i ...", &b) to an int, makes a sanity
check, rejecting values of b more than 8MB -- comparing it as a _signed_
value.  Then, it does read(fd, buffer, (size_t)b).  (size_t is unsigned).

But after a second reading of the code, you don't need to go that far.  The
check against overflow was for 8MB, and size of the static buffer is 8192

> * License         : Open Software License version 2.0 (non free)

Is there any need for non-free tools where better free equivalents already
exist?  Try ttyrec, my termrec, script -t (not as well suited for this
task), RealLog, nh_recorder or one of many others...

1KB		// Microsoft corollary to Hanlon's razor:
		//	Never attribute to stupidity what can be
		//	adequately explained by malice.

Reply to: