[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: [PATCH] enable /proc/$$/loginuid



--- Stephen Smalley <sds epoch ncsc mil> wrote:


> I'm not sure I follow.  First, the current code
> seems to always set up
> an audit context by default unless the task is
> explicitly marked
> non-auditable.

Is it impossible for a task to change from
non-auditable to auditable without setting
the loginuid?

Is it possible for an auditable task to
perform an auditable action on the behalf
of a non-auditable task? An example here
might be a non-auditable GUI making a
request of the X11 server, or a non-auditable
cluster management daemon using a remote
service via xinetd. In either case the
auditable task needs the loginuid of the
non-auditable task in order to ensure that
auditing is done properly.

> Second, even if an audit context
> does not exist, you can
> easily check for a null audit context and just
> return (uid_t)-1 in that
> case.

I'm sure an evaluation team would get a kick
out of finding that in the audit system
description.

> The loginuid serves no purpose for
> non-auditable tasks, and it
> seems wasteful to put it into the task struct.

While the loginuid may not be directly useful
to a task that never generates audit records
it may be useful for other tasks that are doing
work on that task's behalf.

The audituid of xinetd is rarely interesting.
The audituid of a task that makes a request of
xinetd is usually interesting.


=====
Casey Schaufler
casey schaufler-ca com


		
__________________________________ 
Do you Yahoo!? 
Take Yahoo! Mail with you! Get it on your mobile phone. 
http://mobile.yahoo.com/maildemo 


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]