[Top] [All Lists]

Re: [PATCH] Add audit uid to netlink credentials

To: Linux Audit Discussion <linux-audit@xxxxxxxxxx>
Subject: Re: [PATCH] Add audit uid to netlink credentials
From: Stephen Smalley <sds@xxxxxxxxxxxxxx>
Date: Wed, 09 Feb 2005 13:23:01 -0500
Cc: netdev@xxxxxxxxxxx, davem@xxxxxxxxxxxxx, kuznet@xxxxxxxxxxxxx
In-reply-to: <1107960659.4837.9.camel@serge>
Organization: National Security Agency
References: <20050204165840.GA2320@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxx> <1107958621.19262.524.camel@xxxxxxxxxxxxxxxxxxxxxxxxxx> <1107960659.4837.9.camel@serge>
Sender: netdev-bounce@xxxxxxxxxxx
On Wed, 2005-02-09 at 09:50, Serge Hallyn wrote:
> CAP_AUDIT_WRITE is needed, but not CAP_AUDIT_CONTROL, which is needed to
> set the loginuid.  Of course, an LSM could check at
> security_netlink_send whether the login_uid in the payload is the same
> as the real loginuid.  Otherwise, we're wasting a (very precious)
> capability bit.
> In either case, have we decided we don't want it in the netlink
> credentials after all?

If the audit subsystem truly needs to include the loginuid in audit
messages generated upon processing netlink messages, then I think it
belongs in the control buffer as per your patch.  Alexey has confirmed
that we cannot use the current task's audit context regardless.

As a side bar, a similar security field in the control buffer would
likewise be very useful so that SELinux could set the SID for use in
permission checks by receive functions.

Stephen Smalley <sds@xxxxxxxxxxxxxx>
National Security Agency

<Prev in Thread] Current Thread [Next in Thread>