[PATCH] Add audit uid to netlink credentials
David Woodhouse
dwmw2 at infradead.org
Thu Feb 10 09:20:12 UTC 2005
On Wed, 2005-02-09 at 16:19 -0800, Chris Wright wrote:
> Then it comes back to the question of how to protect loginuid. If it
> can be spoofed by someone with CAP_AUDIT_WRITE, then it shouldn't be
> write protected by CAP_AUDIT_CONTROL.
I'm not sure I agree with that. With CAP_AUDIT_WRITE you _can't_ modify
the loginuid of the audit logs of your own actions. You can only modify
the loginuid on the messages you pull out of thin air and send. You can
already make up the rest of the payload -- why shouldn't you be allowed
to make up the loginuid too? You could be reporting something that
someone _else_ has done, after all.
Or am I misunderstanding the intended use of CAP_AUDIT_WRITE?
--
dwmw2
More information about the Linux-audit
mailing list