[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: [PATCH] Add audit uid to netlink credentials

Chris Wright wrote:

Here's an example of what I mean. It's quite rough, doesn't yet eliminate any of the code that it eventually could, and doesn't deal with broadcast. I gave it a quick test with audit netlink, and it does what I expect.


It seems that this approach would work for keeping the loginuid in the payload. The audit handler can then just set the loginuid in the payload - basically ignoring whatever the application put into this field. This is assuming that we are dealing with the structures in kernel memory here - I'm not that familiar with this code...

Regarding an application setting the loginuid: Setting the loginuid is an operation that is crucial to the reliability of the audit records, and is appropriately protected with CAP_AUDIT_CONTROL. It is my understanding that the loginuid associated with an audit record should be the loginuid of the process that caused the record to be generated. If a userspace application wants to log messages for another user, it can do so by simply adding that user's identification information into the message it is writing (it can put anything it wants to in there), the loginuid associated with the record still needs to be that of the process which caused the record to be generated - the process writing the record from userspace.

Are the changes of this method really better than simply adding the loginuid to the loginuid to the netlink_skb_parms structure? I guess they would be if there are other netlinkers that could make use of the check function.



[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]