[PATCH] Add audit uid to netlink credentials

David Woodhouse dwmw2 at infradead.org
Thu Feb 10 14:56:36 UTC 2005


On Thu, 2005-02-10 at 09:37 -0500, Chad Hanson wrote:
> In your example of a process watching daemon, why would this daemon want to
> spoof the credentials of the watched process? I can think of two examples.

Perhaps I misunderstand the intent of userspace AUDIT_WRITE. Can you
provide examples of why you _wouldn't_ want to let a dæmon which is
already sending random unvetted AUDIT_WRITE messages also specify the
loginuid on _those_ messages?

-- 
dwmw2




More information about the Linux-audit mailing list