[PATCH] Add audit uid to netlink credentials
Chris Wright
chrisw at osdl.org
Thu Feb 10 00:19:46 UTC 2005
* David Woodhouse (dwmw2 at infradead.org) wrote:
> On Wed, 2005-02-09 at 15:38 -0800, Chris Wright wrote:
> >I just don't see it making sense to add another credential for a special
> >case. The signal code already peaks into the siginfo struct when queueing
> >a signal to make sure some user isn't trying to send si_code == SI_KERNEL
> >or similar. Perhaps audit could do that with it's own payload during send.
> >No matter how we slice it, it's a special case.
>
> I'm not entirely sure the check is needed anyway. This is a trusted
> application sending audit messages. Why shouldn't it be permitted to log
> auditable events which were triggered by someone _else_?
Then it comes back to the question of how to protect loginuid. If it
can be spoofed by someone with CAP_AUDIT_WRITE, then it shouldn't be
write protected by CAP_AUDIT_CONTROL.
thanks,
-chris
--
Linux Security Modules http://lsm.immunix.org http://lsm.bkbits.net
More information about the Linux-audit
mailing list