From: Steve Grubb <sgrubb@redhat.com>
To: linux-audit@redhat.com
Subject: Re: getuid() vs. geteuid() in auditctl
Date: Tue, 20 Mar 2012 14:07:46 -0400
Message-ID: <201203201407.46778.sgrubb@redhat.com>
In-Reply-To: <CALnj_=7f-V+7UEJ_eDgtQFEDCpj5FALCLFk+s9e6H-nxjPJdFw@mail.gmail.com>

On Friday, March 16, 2012 05:50:56 PM Peter Moody wrote:
> line 1162 in auditctl.c has this:
> 
> #ifndef DEBUG
>   /* Make sure we are root */
>   if (getuid() != 0) {
>     fprintf(stderr, "You must be root to run this program.\n");
>     return 4;
>   }
> #endif
> 
> Is there any particular reason to use getuid() there as opposed to
> geteuid()? 

I suppose it doesn't matter. I never envisioned having a helper application, so 
that's why it's the way it is. Since we are optionally linking in libcap-ng, I 
suppose we could even check the capability rather than the euid. Also note that 
for certification purposes the file permissions are restricted.

-Steve

> In my particular case, we have a setuid helper that allows
> a normal user to run 'auditctl -l' (with a clean environment), and
> this prevents the setuid helper from working.
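
The three checks discussed in this thread, side by side, as an added example that is not code from auditctl or from either poster. It assumes Linux, reads the effective capability mask from /proc/self/status instead of calling libcap-ng, and the names check_mode, parse_capeff and privilege_check are hypothetical.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/types.h>
#include <unistd.h>

#define CAP_AUDIT_CONTROL_BIT 30  /* value of CAP_AUDIT_CONTROL in <linux/capability.h> */

enum check_mode { CHECK_RUID, CHECK_EUID, CHECK_CAP };

/* Extract the effective capability mask from /proc/<pid>/status text.
   Returns 0 on success, -1 if no CapEff line is present. */
int parse_capeff(const char *status, uint64_t *mask)
{
    const char *p = strstr(status, "CapEff:");
    if (p == NULL)
        return -1;
    *mask = strtoull(p + strlen("CapEff:"), NULL, 16);
    return 0;
}

/* Returns 0 if the caller passes, 4 otherwise (the exit code quoted above). */
int privilege_check(enum check_mode mode, uid_t ruid, uid_t euid, uint64_t capeff)
{
    switch (mode) {
    case CHECK_RUID: return ruid == 0 ? 0 : 4;  /* fails under a setuid helper */
    case CHECK_EUID: return euid == 0 ? 0 : 4;  /* passes under a setuid-root helper */
    case CHECK_CAP:  return ((capeff >> CAP_AUDIT_CONTROL_BIT) & 1) ? 0 : 4;
    }
    return 4;
}

int main(void)
{
    char buf[4096] = {0};
    uint64_t capeff = 0;
    FILE *f = fopen("/proc/self/status", "r");
    if (f != NULL) {
        size_t n = fread(buf, 1, sizeof(buf) - 1, f);
        buf[n] = '\0';
        fclose(f);
        parse_capeff(buf, &capeff);  /* capeff stays 0 if the line is missing */
    }
    printf("getuid check:  %d\n", privilege_check(CHECK_RUID, getuid(), geteuid(), capeff));
    printf("geteuid check: %d\n", privilege_check(CHECK_EUID, getuid(), geteuid(), capeff));
    printf("capability check: %d\n", privilege_check(CHECK_CAP, getuid(), geteuid(), capeff));
    return 0;
}
```

The capability form also rejects a uid 0 process whose CAP_AUDIT_CONTROL has been dropped, which neither uid comparison detects.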
