netdev

Re: [PATCH] Add audit uid to netlink credentials

To: David Woodhouse <dwmw2@xxxxxxxxxxxxx>
Subject: Re: [PATCH] Add audit uid to netlink credentials
From: Chris Wright <chrisw@xxxxxxxx>
Date: Wed, 9 Feb 2005 16:19:46 -0800
Cc: Linux Audit Discussion <linux-audit@xxxxxxxxxx>, netdev@xxxxxxxxxxx, davem@xxxxxxxxxxxxx, kuznet@xxxxxxxxxxxxx
In-reply-to: <1107993369.9154.2.camel@xxxxxxxxxxxxxxxxxxxxx>; from dwmw2@xxxxxxxxxxxxx on Wed, Feb 09, 2005 at 11:56:09PM +0000
References: <20050204165840.GA2320@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxx> <1107958621.19262.524.camel@xxxxxxxxxxxxxxxxxxxxxxxxxx> <1107960659.4837.9.camel@serge> <1107973381.17568.97.camel@xxxxxxxxxxxxxxxxxxxxxxxxxxxx> <20050209103747.Y24171@xxxxxxxxxxxxxxxxxx> <1107974448.17568.108.camel@xxxxxxxxxxxxxxxxxxxxxxxxxxxx> <20050209153816.B24171@xxxxxxxxxxxxxxxxxx> <1107993369.9154.2.camel@xxxxxxxxxxxxxxxxxxxxx>
Sender: netdev-bounce@xxxxxxxxxxx
User-agent: Mutt/1.2.5i
* David Woodhouse (dwmw2@xxxxxxxxxxxxx) wrote:
> On Wed, 2005-02-09 at 15:38 -0800, Chris Wright wrote:
> >I just don't see it making sense to add another credential for a special
> >case.  The signal code already peeks into the siginfo struct when queueing
> >a signal to make sure some user isn't trying to send si_code == SI_KERNEL
> >or similar.  Perhaps audit could do that with its own payload during send.
> >No matter how we slice it, it's a special case.
> 
> I'm not entirely sure the check is needed anyway. This is a trusted
> application sending audit messages. Why shouldn't it be permitted to log
> auditable events which were triggered by someone _else_? 

Then it comes back to the question of how to protect loginuid.  If it
can be spoofed by someone with CAP_AUDIT_WRITE, then it shouldn't be
write protected by CAP_AUDIT_CONTROL.

thanks,
-chris
-- 
Linux Security Modules     http://lsm.immunix.org     http://lsm.bkbits.net
