[PATCH] Have auditctl check the capability rather than the uid if we were compiled with cap-ng support. Check the euid rather than uid if we were compiled without cap-ng support

Peter Moody pmoody at google.com
Wed Mar 21 19:11:49 UTC 2012


This is against the 2.2 release. I wasn't able to get HEAD to compile
(issues with mounttab.h that I didn't want to run down, because this is
such a small patch).

Signed-off-by: Peter Moody <pmoody at google.com>
---
 trunk/src/Makefile.am |    2 +-
 trunk/src/auditctl.c  |   11 +++++++++--
 2 files changed, 10 insertions(+), 3 deletions(-)

diff --git a/trunk/src/Makefile.am b/trunk/src/Makefile.am
index d321233..e36bc9f 100644
--- a/trunk/src/Makefile.am
+++ b/trunk/src/Makefile.am
@@ -25,7 +25,7 @@ AUTOMAKE_OPTIONS = no-dependencies
 SUBDIRS = test
 INCLUDES = -I${top_srcdir} -I${top_srcdir}/lib -I${top_srcdir}/src/libev
 sbin_PROGRAMS = auditd auditctl aureport ausearch autrace
-LIBS = -Lmt -lauditmt -lpthread
+LIBS = -Lmt -lauditmt -lpthread $(CAPNG_LDADD)
 AM_LDFLAGS = -pthread
 AM_CFLAGS = -D_REENTRANT -D_GNU_SOURCE -pthread
 noinst_HEADERS = auditd-config.h auditd-event.h auditd-listen.h
ausearch-llist.h ausearch-options.h auditctl-llist.h
aureport-options.h ausearch-parse.h aureport-scan.h ausearch-lookup.h
ausearch-int.h auditd-dispatch.h ausearch-string.h ausearch-nvpair.h
ausearch-common.h ausearch-avc.h ausearch-time.h ausearch-lol.h
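Review bot: Appending `$(CAPNG_LDADD)` to the global `LIBS` links every program in `sbin_PROGRAMS` (auditd, aureport, ausearch, autrace) against libcap-ng, although only auditctl uses it in this series. A per-target `auditctl_LDADD = $(CAPNG_LDADD)` line limits the dependency to the one binary that needs it; automake still appends `LIBS` for that target, so the existing `-Lmt -lauditmt -lpthread` line can stay as it is. This also assumes `CAPNG_LDADD` is AC_SUBST'd by configure together with `HAVE_LIBCAP_NG`, which is outside this patch and worth confirming, since an undefined variable expands to nothing and the cap-ng build then fails at link time.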
diff --git a/trunk/src/auditctl.c b/trunk/src/auditctl.c
index d3643fb..936a1a0 100644
--- a/trunk/src/auditctl.c
+++ b/trunk/src/auditctl.c
@@ -36,6 +36,9 @@
 #include <errno.h>
 #include <libgen.h>	/* For basename */
 #include <limits.h>	/* PATH_MAX */
+#ifdef HAVE_LIBCAP_NG
+#include <cap-ng.h>
+#endif
 #include "libaudit.h"
 #include "private.h"
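Review bot: The `#ifdef HAVE_LIBCAP_NG` around `#include <cap-ng.h>` only works if `config.h` has already been included above this point, and the context shows only system headers before it; if the macro is not visible here (and in the later check), the cap-ng path is silently compiled out and the build falls back to the uid test without any warning. If auditctl.c does not already pull in `config.h` earlier (outside this hunk) or via the compiler flags, an explicit `#include "config.h"` at the top of the file would make the conditional reliable.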

@@ -1160,9 +1163,13 @@ int main(int argc, char *argv[])
 		return 1;
 	}
 #ifndef DEBUG
+#ifdef HAVE_LIBCAP_NG
+	/* Make sure we have the approprirate capabilities */
+	if (capng_have_capability(CAPNG_PERMITTED, CAP_AUDIT_CONTROL) != 1) {
+#else
 	/* Make sure we are root */
-	if (getuid() != 0) {
+	if (geteuid() != 0) {
+#endif
 		fprintf(stderr, "You must be root to run this program.\n");
 		return 4;
 	}
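Review bot: The new check `capng_have_capability(CAPNG_PERMITTED, CAP_AUDIT_CONTROL)` queries libcap-ng's internal copy of the process capabilities, and nothing in this hunk fills that copy; as I read the libcap-ng API, `capng_get_caps_process()` has to be called first, otherwise the test is answered from an unpopulated set and even root is refused. I would add `capng_get_caps_process();` on the line before the `if`, and test `CAPNG_EFFECTIVE` rather than `CAPNG_PERMITTED`, since the kernel checks the effective set on the audit netlink socket and a capability that is only permitted will not make the later audit calls succeed unless the program raises it itself. The message `"You must be root to run this program.\n"` is now inaccurate in the cap-ng build; something like `"You must be root or have CAP_AUDIT_CONTROL to run this program.\n"` matches what is actually checked (the comment above it also misspells "appropriate"). main() begins and ends outside this hunk.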
-- 
1.7.7.3


-- 
Peter Moody      Google    1.650.253.7306
Security Engineer  pgp:0xC3410038



