[PATCH] LOGIN message credentials

Steve Grubb sgrubb at redhat.com
Mon Apr 25 16:14:24 UTC 2005


Hello,

I was testing the kernel and found a problem where the credentials are not 
being recorded for LOGIN messages. Here's a typical message:

type=LOGIN msg=audit(1114444861.363:0): login pid=0 uid=0 old loginuid=4294967295 new loginuid=0

The pid cannot be 0. The problem is that the kernel code assumes the 
information is in the audit context. What if audit_get_context has never been 
called for that process?

Attached is a patch that passes the needed info out of the task struct to the 
function that emits the message.

-Steve
-------------- next part --------------
A non-text attachment was scrubbed...
Name: kernel-2.6.9-login-cred.patch
Type: text/x-diff
Size: 2202 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/linux-audit/attachments/20050425/34d101bd/attachment.bin>
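An added example, not part of the original message or the attached patch: a small Python check that parses LOGIN records in the layout quoted above and flags those carrying pid=0, the symptom described. The function names and every sample line except the first are constructed for illustration; the value 4294967295 is (uid_t)-1, meaning no loginuid has been set.

```python
import re
from datetime import datetime, timezone

UNSET_LOGINUID = 4294967295  # (uid_t)-1: no login uid assigned yet

# Matches the LOGIN record layout quoted in the message above.
LOGIN_RE = re.compile(
    r"type=LOGIN msg=audit\((?P<ts>\d+)\.(?P<ms>\d+):(?P<serial>\d+)\): "
    r"login pid=(?P<pid>\d+) uid=(?P<uid>\d+) "
    r"old loginuid=(?P<old>\d+) new loginuid=(?P<new>\d+)"
)

def parse_login(line):
    """Return a dict for a LOGIN record, or None for any other line."""
    m = LOGIN_RE.search(" ".join(line.split()))  # undo mail/terminal wrapping
    if not m:
        return None
    rec = {k: int(v) for k, v in m.groupdict().items()}
    rec["time"] = datetime.fromtimestamp(rec["ts"], tz=timezone.utc)
    rec["first_login"] = rec["old"] == UNSET_LOGINUID
    rec["issues"] = []
    if rec["pid"] == 0:
        # A login is performed by a real process, so pid 0 means the
        # credentials were not recorded for this event.
        rec["issues"].append("pid=0: credentials missing")
    if rec["new"] == UNSET_LOGINUID:
        rec["issues"].append("new loginuid is unset")
    return rec

def flagged_logins(lines):
    """Return the parsed LOGIN records that have at least one issue."""
    parsed = (parse_login(line) for line in lines)
    return [rec for rec in parsed if rec and rec["issues"]]

SAMPLE = [
    # Record quoted in the message above.
    "type=LOGIN msg=audit(1114444861.363:0): login pid=0 uid=0 "
    "old loginuid=4294967295 new loginuid=0",
    # Constructed: a record with a plausible pid, as expected after a fix.
    "type=LOGIN msg=audit(1114445000.100:7): login pid=2917 uid=0 "
    "old loginuid=4294967295 new loginuid=500",
    # Constructed: a non-LOGIN record, which is skipped.
    "type=SYSCALL msg=audit(1114445000.101:8): arch=40000003 syscall=5",
]

if __name__ == "__main__":
    for rec in flagged_logins(SAMPLE):
        print(rec["time"].isoformat(), rec["serial"], "; ".join(rec["issues"]))
```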

