[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: audit 0.9.12 released



On Thursday 23 June 2005 17:08, David Woodhouse wrote:
> If you send a message and disappear without waiting for the ack, then
> your message may or may not get logged. If it _is_ logged, then it'll be
> logged with the correct credentials.

uid, pid, and loginuid are the only things collected by netlink for the 
sender's credentials. Another app could reuse the pid by the time the netlink 
message is processed. The lookup will succeed, but the check is against the 
wrong process.

> I think it's OK to declare that sending a message without waiting for
> the ack is not guaranteed to work.

We make no requirements for this anywhere else. We just need to filter against 
the netlink credentials since that is all we know to be true.

> I'm more interested in finding the real reason why it didn't work. Were
> you setting the syscall bitmask to all ones in auditctl?

Yes.

-Steve


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]