LSPP Requirement Specifically for Auditing
Stephen Smalley
sds at tycho.nsa.gov
Mon Oct 3 14:03:18 UTC 2005
On Mon, 2005-10-03 at 09:17 -0400, Steve Grubb wrote:
> 7 User Space SE Linux
> 7.6 newrole made into suid program so that it can send audit messages
Hi,
Have you considered moving the audit generation into a helper program to
avoid having to directly make newrole suid (and to avoid having to
directly allow newrole in policy to access the netlink audit socket)?
That could also be leveraged by the pam infrastructure so that such
access could be removed from a variety of programs that are presently
directly allowed permission to do this. Naturally, the helper has to be
protected against unauthorized invocation (in the DAC case, you could
make it only executable by group, and make newrole sgid, and in SELinux
policy, you could control what domains can transition to the helper's
domain). This would parallel the work done previously by Russell et al
to always use the chkpwd helper for password checking so that direct
access to /etc/shadow could be denied by SELinux policy to most domains.
--
Stephen Smalley
National Security Agency
More information about the Linux-audit
mailing list