[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: Writting to audit with an application



On Monday 19 March 2007 15:58, geckiv wrote:
>     I never heard of dbus before. Is there an example how it keeps it's  
> CAP_AUDIT_WRITE and changes uids?

Not without looking at its source code. Here's its patch:

http://developer.momonga-linux.org/viewvc/trunk/pkgs/dbus/dbus-0.61-selinux-avc-audit.patch?r1=13947&r2=13946&pathrev=13947&view=patch

nscd also does the same trick, but its coded in glibc style.

> Is this just using setuid() some how? 

No, there's an intricate dance regarding setuid, prctl, & capabilities
that must be followed exactly or bad things can happen.

-Steve


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]