Results:

References: [ +subject:/^(?:^\s*(re|sv|fwd|fw)[\[\]\d]*[:>-]+\s*)*\[PATCH\]\s+Add\s+audit\s+uid\s+to\s+netlink\s+credentials\s*$/: 58 ]

Total 58 documents matching your query.

1. [PATCH] Add audit uid to netlink credentials (score: 1)
Author: xxxxxx>
Date: Fri, 4 Feb 2005 10:58:40 -0600
Most audit control messages are sent over netlink. In order to properly log the identity of the sender of audit control messages, we would like to add the loginuid to the netlink_creds structure, as
/archives/netdev/2005-02/msg00128.html (19,111 bytes)

2. Re: [PATCH] Add audit uid to netlink credentials (score: 1)
Author: maline@xxxxxxxxx>
Date: Tue, 8 Feb 2005 07:04:13 +0100 (CET)
On Fri, 4 Feb 2005, Serge E. Hallyn wrote: Most audit control messages are sent over netlink. In order to properly log the identity of the sender of audit control messages, we would like to add the l
/archives/netdev/2005-02/msg00257.html (9,463 bytes)

3. Re: [PATCH] Add audit uid to netlink credentials (score: 1)
Author: xxxxxxxxxxxxx>
Date: Wed, 09 Feb 2005 08:34:39 -0500
-- Stephen Smalley <sds@xxxxxxxxxxxxxx> National Security Agency
/archives/netdev/2005-02/msg00289.html (10,004 bytes)

4. Re: [PATCH] Add audit uid to netlink credentials (score: 1)
Author: xxxxxxxxxxxxxxxxx>
Date: Wed, 09 Feb 2005 15:10:08 +0100
Stephen Smalley wrote: On Tue, 2005-02-08 at 01:04, Patrick McHardy wrote: Reception of netlink messages in the kernel happens in the context of the sending process, so you can simply call audit_get_
/archives/netdev/2005-02/msg00290.html (11,185 bytes)

5. Re: [PATCH] Add audit uid to netlink credentials (score: 1)
Author: l@xxxxxxxxxxxxxx
Date: Wed, 09 Feb 2005 14:17:00 +0000
I think it would be better to leave the loginuid in the payload of the audit packets, not put it into generic netlink structures. The only time it's possibly worth verifying it is for the case where
/archives/netdev/2005-02/msg00291.html (10,747 bytes)

6. Re: [PATCH] Add audit uid to netlink credentials (score: 1)
Author: xxxxxxxxxxxxxx>
Date: Wed, 9 Feb 2005 17:19:46 +0300
Yes, when kernel receives a message, it can be processed in context of another process. This happens with rtnetlink, which queues messages when someone holds netadmin semaphore and processing of bac
/archives/netdev/2005-02/msg00292.html (10,924 bytes)

7. Re: [PATCH] Add audit uid to netlink credentials (score: 1)
Author: xxxxxxxx>
Date: Wed, 09 Feb 2005 08:50:59 -0600
CAP_AUDIT_WRITE is needed, but not CAP_AUDIT_CONTROL, which is needed to set the loginuid. Of course, an LSM could check at security_netlink_send whether the login_uid in the payload is the same as t
/archives/netdev/2005-02/msg00293.html (10,546 bytes)

8. Re: [PATCH] Add audit uid to netlink credentials (score: 1)
Author: @xxxxxxxxxxxxx>
Date: Wed, 9 Feb 2005 19:49:29 +0300
I am sorry, this is wrong. Dequeue may happen in another process context in any case. Alexey
/archives/netdev/2005-02/msg00294.html (10,618 bytes)

9. Re: [PATCH] Add audit uid to netlink credentials (score: 1)
Author: @xxxxxxxxxxxxx>
Date: Wed, 09 Feb 2005 13:23:01 -0500
If the audit subsystem truly needs to include the loginuid in audit messages generated upon processing netlink messages, then I think it belongs in the control buffer as per your patch. Alexey has co
/archives/netdev/2005-02/msg00295.html (11,318 bytes)

10. Re: [PATCH] Add audit uid to netlink credentials (score: 1)
Author: znet@xxxxxxxxxxxxx>
Date: Wed, 9 Feb 2005 10:37:47 -0800
This means sendmsg hook would set the SID? And in that case, you'd stomp on loginuid for audit messages unless they are special cased. The loginuid is special case to audit, it doesn't make sense to
/archives/netdev/2005-02/msg00297.html (12,196 bytes)

11. Re: [PATCH] Add audit uid to netlink credentials (score: 1)
Author: lley <sds@xxxxxxxxxxxxxx>
Date: Wed, 09 Feb 2005 13:40:48 -0500
I was referring to a separate field for use by security modules, not re-use of the same field being proposed for the loginuid. Yes, it would be set by the security_netlink_send hook. The principal pr
/archives/netdev/2005-02/msg00298.html (12,011 bytes)

12. Re: [PATCH] Add audit uid to netlink credentials (score: 1)
Author: l <mpm@xxxxxxxxxxx>
Date: Wed, 09 Feb 2005 19:52:17 +0100
if (down_trylock(&audit_netlink_sem)) return; with plain down(&audit_netlink_sem); I am sorry, this is wrong. Dequeue may happen in another process context in any case. Could you explain how this ca
/archives/netdev/2005-02/msg00299.html (11,342 bytes)

13. Re: [PATCH] Add audit uid to netlink credentials (score: 1)
Author: xxxxxxxxxxxx>
Date: Wed, 09 Feb 2005 13:53:44 -0500
More packets may be queued by another sender while audit_receive() is still processing the original one, so it will process them too. -- Stephen Smalley <sds@xxxxxxxxxxxxxx> National Security Agency
/archives/netdev/2005-02/msg00301.html (11,253 bytes)

14. Re: [PATCH] Add audit uid to netlink credentials (score: 1)
Author: lkml@xxxxxxxxxxxxxx
Date: Wed, 9 Feb 2005 15:38:16 -0800
This makes sense to me. Just an extension of existing eff_cap and would be used by security modules for each netlink packet. I just don't see it making sense to add another credential for a special c
/archives/netdev/2005-02/msg00310.html (13,703 bytes)

15. Re: [PATCH] Add audit uid to netlink credentials (score: 1)
Author: <andre@xxxxxxxx>
Date: Wed, 09 Feb 2005 23:56:09 +0000
I'm not entirely sure the check is needed anyway. This is a trusted application sending audit messages. Why shouldn't it be permitted to log auditable events which were triggered by someone _else_? I
/archives/netdev/2005-02/msg00311.html (12,076 bytes)

16. Re: [PATCH] Add audit uid to netlink credentials (score: 1)
Author: vem@xxxxxxxxxxxxx>
Date: Wed, 9 Feb 2005 16:19:46 -0800
Then it comes back to the question of how to protect loginuid. If it can be spoofed by someone with CAP_AUDIT_WRITE, then it shouldn't be write protected by CAP_AUDIT_CONTROL. thanks, -chris -- Linux
/archives/netdev/2005-02/msg00312.html (12,403 bytes)

17. Re: [PATCH] Add audit uid to netlink credentials (score: 1)
Author: 2@xxxxxxxxxxxxx>
Date: Wed, 9 Feb 2005 17:11:15 -0800
Here's an example of what I mean. It's quite rough, doesn't yet eliminate any of the code that it eventually could, and doesn't deal with broadcast. I gave it a quick test with audit netlink, and it
/archives/netdev/2005-02/msg00314.html (16,107 bytes)

18. Re: [PATCH] Add audit uid to netlink credentials (score: 1)
Author: oshfuji@xxxxxxxxxxxxxx>
Date: Thu, 10 Feb 2005 09:20:12 +0000
I'm not sure I agree with that. With CAP_AUDIT_WRITE you _can't_ modify the loginuid of the audit logs of your own actions. You can only modify the loginuid on the messages you pull out of thin air a
/archives/netdev/2005-02/msg00325.html (12,106 bytes)

19. Re: [PATCH] Add audit uid to netlink credentials (score: 1)
Author: xxxxxxx>
Date: Thu, 10 Feb 2005 07:36:09 -0500
Why not just call the security handler from the security_netlink_send() function, which is already called by netlink_sendmsg()? Note that SELinux (thanks to work by James Morris a while back) does ap
/archives/netdev/2005-02/msg00329.html (13,143 bytes)

20. Re: [PATCH] Add audit uid to netlink credentials (score: 1)
Author: 明 <yoshfuji@xxxxxxxxxxxxxx>
Date: Thu, 10 Feb 2005 07:40:17 -0500
-- Stephen Smalley <sds@xxxxxxxxxxxxxx> National Security Agency
/archives/netdev/2005-02/msg00330.html (12,075 bytes)
