netdev

Re: [PATCH] Add audit uid to netlink credentials

To: Stephen Smalley <sds@xxxxxxxxxxxxxx>
Subject: Re: [PATCH] Add audit uid to netlink credentials
From: Chris Wright <chrisw@xxxxxxxx>
Date: Thu, 10 Feb 2005 09:14:27 -0800
Cc: Linux Audit Discussion <linux-audit@xxxxxxxxxx>, netdev@xxxxxxxxxxx, David Woodhouse <dwmw2@xxxxxxxxxxxxx>, davem@xxxxxxxxxxxxx, kuznet@xxxxxxxxxxxxx
In-reply-to: <1108039217.22172.31.camel@xxxxxxxxxxxxxxxxxxxxxxxxxxxx>; from sds@xxxxxxxxxxxxxx on Thu, Feb 10, 2005 at 07:40:17AM -0500
References: <20050204165840.GA2320@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxx> <1107958621.19262.524.camel@xxxxxxxxxxxxxxxxxxxxxxxxxx> <1107960659.4837.9.camel@serge> <1107973381.17568.97.camel@xxxxxxxxxxxxxxxxxxxxxxxxxxxx> <20050209103747.Y24171@xxxxxxxxxxxxxxxxxx> <1107974448.17568.108.camel@xxxxxxxxxxxxxxxxxxxxxxxxxxxx> <20050209153816.B24171@xxxxxxxxxxxxxxxxxx> <1107993369.9154.2.camel@xxxxxxxxxxxxxxxxxxxxx> <20050209161946.F24171@xxxxxxxxxxxxxxxxxx> <1108039217.22172.31.camel@xxxxxxxxxxxxxxxxxxxxxxxxxxxx>
Sender: netdev-bounce@xxxxxxxxxxx
User-agent: Mutt/1.2.5i
* Stephen Smalley (sds@xxxxxxxxxxxxxx) wrote:
> On Wed, 2005-02-09 at 19:19, Chris Wright wrote:
> > Then it comes back to the question of how to protect loginuid.  If it
> > can be spoofed by someone with CAP_AUDIT_WRITE, then it shouldn't be
> > write protected by CAP_AUDIT_CONTROL.
> 
> To be precise, isn't it true that someone with only CAP_AUDIT_WRITE
> would only be able to spoof loginuids in the AUDIT_USER messages they
> generate?  The loginuid on any syscall audit messages for the task would
> still be the one associated with the task's audit context, so that would
> not be spoofable.

Yes, that's true.

thanks,
-chris
-- 
Linux Security Modules     http://lsm.immunix.org     http://lsm.bkbits.net
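The distinction drawn above, that a CAP_AUDIT_WRITE sender can only put a bogus loginuid inside the text of an AUDIT_USER message while the auid the kernel stamps on the record comes from the task's audit context, is the trust boundary an audit consumer should enforce. The following is an added example, not code from this thread or from the kernel or audit userspace: it splits a USER record into the kernel-stamped head and the sender-supplied payload and flags any auid claimed in the payload that disagrees with the stamped one. It assumes the record shape `type=USER msg=audit(T:S): user pid=P uid=U auid=A msg='<sender text>'` (the kernel-stamped fields before `msg='`, the free-form payload inside the quotes); the function names, the enum and the sample lines are constructed for illustration.

```c
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define AUID_UNSET ((unsigned long)-1)   /* "no loginuid" sentinel, as in /proc/PID/loginuid */

/* Hypothetical verdicts for this example. */
enum auid_verdict {
    AUID_BAD_RECORD = -1,  /* not a USER record in the assumed shape */
    AUID_NOT_CLAIMED = 0,  /* payload makes no auid claim: nothing to cross-check */
    AUID_CONSISTENT = 1,   /* payload claim matches the kernel-stamped auid */
    AUID_SPOOFED = 2       /* payload claim differs from the kernel-stamped auid */
};

struct user_record {
    unsigned long kernel_auid;   /* from the task's audit context via netlink creds: trusted */
    unsigned long claimed_auid;  /* from inside msg='...': sender-controlled */
};

/* Find "auid=<decimal>" in a NUL-terminated buffer.  The key must be at the
 * start or preceded by a space so that e.g. "xauid=" is not matched.
 * Returns AUID_UNSET when absent. */
static unsigned long find_auid(const char *s)
{
    static const char key[] = "auid=";
    const size_t klen = sizeof key - 1;
    for (const char *p = strstr(s, key); p != NULL; p = strstr(p + klen, key)) {
        if (p != s && p[-1] != ' ')
            continue;
        char *end;
        errno = 0;
        unsigned long v = strtoul(p + klen, &end, 10);
        if (end != p + klen && errno == 0)
            return v;
    }
    return AUID_UNSET;
}

/* Split a USER record into its kernel-stamped head and the sender's payload.
 * Returns 0 on success, -1 if the line is not a USER record in the assumed shape. */
int parse_user_record(const char *line, struct user_record *out)
{
    char head[512], body[1100];   /* assumed: payload capped near 1024 bytes by the kernel */
    const char *m, *q;
    size_t hlen, blen;

    if (strncmp(line, "type=USER ", 10) != 0 || (m = strstr(line, "msg='")) == NULL)
        return -1;
    hlen = (size_t)(m - line);
    if (hlen >= sizeof head)
        return -1;
    memcpy(head, line, hlen);
    head[hlen] = '\0';

    m += 5;                         /* skip the msg=' opener */
    q = strrchr(m, '\'');           /* closing quote is the last ' on the line */
    if (q == NULL)
        return -1;
    blen = (size_t)(q - m);
    if (blen >= sizeof body)
        return -1;
    memcpy(body, m, blen);
    body[blen] = '\0';

    out->kernel_auid = find_auid(head);
    out->claimed_auid = find_auid(body);
    return out->kernel_auid == AUID_UNSET ? -1 : 0;
}

/* Cross-check one record: only the payload can carry a spoofed auid, so a
 * mismatch means the sender wrote a loginuid it does not actually have. */
int check_user_record(const char *line)
{
    struct user_record r;
    if (parse_user_record(line, &r) != 0)
        return AUID_BAD_RECORD;
    if (r.claimed_auid == AUID_UNSET)
        return AUID_NOT_CLAIMED;
    return r.claimed_auid == r.kernel_auid ? AUID_CONSISTENT : AUID_SPOOFED;
}

/* Constructed sample records for this example, not real audit output. */
static const char *const samples[] = {
    "type=USER msg=audit(1108039217.000:42): user pid=2310 uid=0 auid=500 "
    "msg='op=login acct=\"root\" exe=\"/bin/login\" res=success'",
    "type=USER msg=audit(1108039218.000:43): user pid=2311 uid=0 auid=500 "
    "msg='op=login acct=\"root\" auid=0 exe=\"/bin/login\" res=success'",
    "type=USER msg=audit(1108039219.000:44): user pid=2312 uid=0 auid=500 "
    "msg='op=login acct=\"jdoe\" auid=500 exe=\"/bin/login\" res=success'",
    /* a SYSCALL record carries no sender payload: its auid is the audit context's */
    "type=SYSCALL msg=audit(1108039220.000:45): arch=40000003 syscall=5 success=yes "
    "exit=3 pid=2313 auid=500 uid=0 comm=\"cat\"",
};

int main(void)
{
    static const char *const names[] = { "not-claimed", "consistent", "spoofed" };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        int v = check_user_record(samples[i]);
        printf("record %zu: %s\n", i, v < 0 ? "not a USER record" : names[v]);
    }
    return 0;
}
```

The syscall record is deliberately rejected by the parser rather than cross-checked: it has no sender-written payload, so the auid it carries is the one from the task's audit context and there is nothing for a CAP_AUDIT_WRITE holder to have spoofed.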
