[PATCH] Add audit uid to netlink credentials
David Woodhouse
dwmw2 at infradead.org
Thu Feb 10 12:49:39 UTC 2005
On Thu, 2005-02-10 at 07:40 -0500, Stephen Smalley wrote:
> To be precise, isn't it true that someone with only CAP_AUDIT_WRITE
> would only be able to spoof loginuids in the AUDIT_USER messages they
> generate? The loginuid on any syscall audit messages for the task would
> still be the one associated with the task's audit context, so that would
> not be spoofable.
Correct.
--
dwmw2
More information about the Linux-audit
mailing list