From: Steve Grubb <sgrubb@redhat.com>
To: Peter Moody <pmoody@google.com>
Cc: linux-audit@redhat.com
Subject: Re: getuid() vs. geteuid() in auditctl
Date: Wed, 21 Mar 2012 16:12:00 -0400	[thread overview]
Message-ID: <201203211612.01097.sgrubb@redhat.com> (raw)
In-Reply-To: <CALnj_=4DTGENoeXbJAP8suDgW5f7irdfmeoD+g5yyfsK5-X1oA@mail.gmail.com>

On Wednesday, March 21, 2012 12:38:06 PM Peter Moody wrote:
> On Tue, Mar 20, 2012 at 11:07 AM, Steve Grubb <sgrubb@redhat.com> wrote:
> > On Friday, March 16, 2012 05:50:56 PM Peter Moody wrote:
> >> line 1162 in auditctl.c has this:
> >> 
> >> #ifndef DEBUG
> >>   /* Make sure we are root */
> >>   if (getuid() != 0) {
> >>     fprintf(stderr, "You must be root to run this program.\n");
> >>     return 4;
> >>   }
> >> #endif
> >> 
> >> Is there any particular reason to use getuid() there as opposed to
> >> geteuid()?
> > 
> > I suppose it doesn't matter. I never envisioned having a helper
> > application, so that's why it's the way it is. Since we are optionally
> > linking in libcap-ng, I suppose we could even check the capability
> > rather than the euid.
> 
> Just the CAP_AUDIT_CONTROL capability?

On the -m command, it instead needs CAP_AUDIT_WRITE.

> > Also note that
> > for certification purposes the file permissions are restricted.
> 
> The permissions of the auditctl binary?

Yes. We ship it 0750.

-Steve
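As an added illustration of the check discussed above (this is example code, not audit-userspace's own auditctl.c), here is a root test that looks at the effective capability set rather than getuid(): it parses the CapEff mask from /proc/self/status (so no libcap-ng link is needed), requires CAP_AUDIT_WRITE for -m and CAP_AUDIT_CONTROL otherwise, and only falls back to geteuid() == 0 when the status file cannot be read. The function names and the 4 KiB buffer are assumptions made for the example; the capability numbers are the ones from linux/capability.h.

```c
/* Added example, not audit-userspace code: check the *effective* capability
 * set instead of getuid(). Parses the CapEff line of /proc/<pid>/status (a
 * 64-bit hex mask); falls back to euid == 0 when the file is unreadable. */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <stdint.h>
#include <unistd.h>

#ifndef CAP_AUDIT_WRITE
#define CAP_AUDIT_WRITE   29   /* bit numbers from linux/capability.h */
#endif
#ifndef CAP_AUDIT_CONTROL
#define CAP_AUDIT_CONTROL 30
#endif

/* Which capability a given auditctl mode needs: -m (send a user message)
 * only needs CAP_AUDIT_WRITE; rule and config changes need CAP_AUDIT_CONTROL. */
int cap_needed_for(const char *flag)
{
    return strcmp(flag, "-m") == 0 ? CAP_AUDIT_WRITE : CAP_AUDIT_CONTROL;
}

/* Return 1 if bit `cap` is set in the CapEff: line of `status`, 0 if it is
 * clear, and -1 if the text has no CapEff line at all. */
int capeff_has(const char *status, int cap)
{
    const char *p = strstr(status, "CapEff:");
    if (!p)
        return -1;
    uint64_t mask = strtoull(p + 7, NULL, 16);  /* skips the tab after ':' */
    return (int)((mask >> cap) & 1u);
}

/* Live check for the current process: effective capability if readable,
 * otherwise geteuid() (not getuid(), so a setuid helper still passes). */
int may_run_auditctl(const char *flag)
{
    char buf[4096];                      /* assumed large enough for status */
    FILE *f = fopen("/proc/self/status", "r");
    if (f) {
        size_t n = fread(buf, 1, sizeof buf - 1, f);
        fclose(f);
        buf[n] = '\0';
        int r = capeff_has(buf, cap_needed_for(flag));
        if (r >= 0)
            return r;
    }
    return geteuid() == 0;
}
```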
