netdev
[Top] [All Lists]

Re: [PATCH] Add audit uid to netlink credentials

To: Linux Audit Discussion <linux-audit@xxxxxxxxxx>
Subject: Re: [PATCH] Add audit uid to netlink credentials
From: Stephen Smalley <sds@xxxxxxxxxxxxxx>
Date: Thu, 10 Feb 2005 07:40:17 -0500
Cc: David Woodhouse <dwmw2@xxxxxxxxxxxxx>, netdev@xxxxxxxxxxx, davem@xxxxxxxxxxxxx, kuznet@xxxxxxxxxxxxx
In-reply-to: <20050209161946.F24171@build.pdx.osdl.net>
Organization: National Security Agency
References: <20050204165840.GA2320@IBM-BWN8ZTBWA01.austin.ibm.com> <1107958621.19262.524.camel@hades.cambridge.redhat.com> <1107960659.4837.9.camel@serge> <1107973381.17568.97.camel@moss-spartans.epoch.ncsc.mil> <20050209103747.Y24171@build.pdx.osdl.net> <1107974448.17568.108.camel@moss-spartans.epoch.ncsc.mil> <20050209153816.B24171@build.pdx.osdl.net> <1107993369.9154.2.camel@localhost.localdomain> <20050209161946.F24171@build.pdx.osdl.net>
Sender: netdev-bounce@xxxxxxxxxxx
On Wed, 2005-02-09 at 19:19, Chris Wright wrote:
> Then it comes back to the question of how to protect loginuid.  If it
> can be spoofed by someone with CAP_AUDIT_WRITE, then it shouldn't be
> write protected by CAP_AUDIT_CONTROL.

To be precise, isn't it true that someone with only CAP_AUDIT_WRITE
would only be able to spoof loginuids in the AUDIT_USER messages they
generate?  The loginuid on any syscall audit messages for the task would
still be the one associated with the task's audit context, so that would
not be spoofable.

-- 
Stephen Smalley <sds@xxxxxxxxxxxxxx>
National Security Agency


<Prev in Thread] Current Thread [Next in Thread>