New audit-perms patch [ Re: Audit perms check on recv ]

Stephen Smalley sds at epoch.ncsc.mil
Thu Jan 6 15:38:39 UTC 2005


On Thu, 2005-01-06 at 11:40, Serge Hallyn wrote:
> Hi,
> 
> So to be clear, are the following associations correct?
> 
> AUDIT_GET:  no capability
> AUDIT_LIST: no capability
> AUDIT_USER: CAP_AUDIT_WRITE
> AUDIT_LOGIN: CAP_AUDIT_WRITE
> AUDIT_SET: CAP_AUDIT_CONTROL
> AUDIT_ADD: CAP_AUDIT_CONTROL
> AUDIT_DEL: CAP_AUDIT_CONTROL

I actually got the impression (possibly wrong) from Casey's posting that
the desired associations were CAP_AUDIT_WRITE for AUDIT_USER only, and
CAP_AUDIT_CONTROL for all other operations, even AUDIT_GET and
AUDIT_LIST (and AUDIT_LOGIN).  That allows applications to write records
to the audit trail without any other access.  Of course, it means that
login would be able to arbitrarily control auditing, since it needs
AUDIT_LOGIN.

-- 
Stephen Smalley <sds at epoch.ncsc.mil>
National Security Agency




More information about the Linux-audit mailing list