[RFC][PATCH] loginuid through procfs (+ a question)

Klaus Weidner klaus at atsec.com
Sun Jan 9 12:30:56 UTC 2005


On Sun, Jan 09, 2005 at 06:04:06AM -0600, Klaus Weidner wrote:
> If the kernel can't reliably access the needed information, the audit
> userspace message function must be modified to work synchronously, so
> that the trusted program doesn't proceed until the kernel had a chance to
> pick up the data. Keep in mind that only trusted processes can send these
> messages, so it's okay to require them to follow certain rules.

Another option would be to have the trusted process explicitly include
the login UID in the message. Not very elegant but it may be less work if
the kernel can't reliably get that data.

-Klaus




More information about the Linux-audit mailing list