[RFC][PATCH] Inherit loginuid from parent

Stephen Smalley sds at epoch.ncsc.mil
Thu Jan 6 18:27:55 UTC 2005


Hi,

I might be mis-reading the code, but it appears that the current
audit_alloc() code is not preserving the loginuid of the parent process
for the child process upon a fork or clone.  Instead, it is checking to
see if the just-created child has an existing audit context and if so,
copies the loginuid from it, which seems nonsensical, especially as it
does nothing to free any existing audit context if one exists already. 
Does this patch look correct?  In this context, tsk == the child, and
current == the parent.  The child has not yet started execution at this
point; it is still being setup by the fork/clone code. 

--- linux-2.6.10/kernel/auditsc.c.orig	2005-01-06 13:11:51.000000000 -0500
+++ linux-2.6.10/kernel/auditsc.c	2005-01-06 13:14:28.000000000 -0500
@@ -549,8 +549,8 @@ int audit_alloc(struct task_struct *tsk)
 
 				/* Preserve login uid */
 	context->loginuid = -1;
-	if (tsk->audit_context)
-		context->loginuid = tsk->audit_context->loginuid;
+	if (current->audit_context)
+		context->loginuid = current->audit_context->loginuid;
 
 	tsk->audit_context  = context;
 	set_tsk_thread_flag(tsk, TIF_SYSCALL_AUDIT);

-- 
Stephen Smalley <sds at epoch.ncsc.mil>
National Security Agency




More information about the Linux-audit mailing list