
Re: [PATCH] enable /proc/$$/loginuid



--- Stephen Smalley <sds epoch ncsc mil> wrote:


> Why require CAP_AUDIT_CONTROL to read the loginuid? 

Since the loginuid identifies the individual who
will be held accountable for the action* it should
be hidden from untrusted (unprivileged) users to
prevent an evil-minded program from taking actions
based on who will get the blame for them. This was
the guidance given us during the Trix B1 evaluation
of 1995.

----
* That's right, isn't it?


=====
Casey Schaufler
casey schaufler-ca com
