[Top] [All Lists]

Re: [PATCH] Add audit uid to netlink credentials

To: Stephen Smalley <sds@xxxxxxxxxxxxxx>
Subject: Re: [PATCH] Add audit uid to netlink credentials
From: David Woodhouse <dwmw2@xxxxxxxxxxxxx>
Date: Thu, 10 Feb 2005 12:49:39 +0000
Cc: Linux Audit Discussion <linux-audit@xxxxxxxxxx>, netdev@xxxxxxxxxxx, davem@xxxxxxxxxxxxx, kuznet@xxxxxxxxxxxxx
In-reply-to: <1108039217.22172.31.camel@xxxxxxxxxxxxxxxxxxxxxxxxxxxx>
References: <20050204165840.GA2320@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxx> <1107958621.19262.524.camel@xxxxxxxxxxxxxxxxxxxxxxxxxx> <1107960659.4837.9.camel@serge> <1107973381.17568.97.camel@xxxxxxxxxxxxxxxxxxxxxxxxxxxx> <20050209103747.Y24171@xxxxxxxxxxxxxxxxxx> <1107974448.17568.108.camel@xxxxxxxxxxxxxxxxxxxxxxxxxxxx> <20050209153816.B24171@xxxxxxxxxxxxxxxxxx> <1107993369.9154.2.camel@xxxxxxxxxxxxxxxxxxxxx> <20050209161946.F24171@xxxxxxxxxxxxxxxxxx> <1108039217.22172.31.camel@xxxxxxxxxxxxxxxxxxxxxxxxxxxx>
Sender: netdev-bounce@xxxxxxxxxxx
On Thu, 2005-02-10 at 07:40 -0500, Stephen Smalley wrote:
> To be precise, isn't it true that someone with only CAP_AUDIT_WRITE
> would only be able to spoof loginuids in the AUDIT_USER messages they
> generate?  The loginuid on any syscall audit messages for the task would
> still be the one associated with the task's audit context, so that would
> not be spoofable.



<Prev in Thread] Current Thread [Next in Thread>