[PATCH 5/7] audit: allow unsetting the loginuid (with priv)

public inbox for linux-audit@redhat.com
 help / color / mirror / Atom feed

From: Eric Paris <eparis@redhat.com>
To: linux-audit@redhat.com
Subject: [PATCH 5/7] audit: allow unsetting the loginuid (with priv)
Date: Fri, 24 May 2013 12:11:48 -0400	[thread overview]
Message-ID: <1369411910-13777-5-git-send-email-eparis@redhat.com> (raw)
In-Reply-To: <1369411910-13777-1-git-send-email-eparis@redhat.com>

If a task has CAP_AUDIT_CONTROL allow that task to unset their loginuid.
This would allow a child of that task to set their loginuid without
CAP_AUDIT_CONTROL.  Thus when launching a new login daemon, a
priviledged helper would be able to unset the loginuid and then the
daemon, which may be malicious user facing, do not need priv to function
correctly.

Signed-off-by: Eric Paris <eparis@redhat.com>
---
 fs/proc/base.c   | 14 ++++++++++----
 kernel/auditsc.c |  4 +++-
 2 files changed, 13 insertions(+), 5 deletions(-)

diff --git a/fs/proc/base.c b/fs/proc/base.c
index 69078c7..33d0d0b 100644
--- a/fs/proc/base.c
+++ b/fs/proc/base.c
@@ -1119,10 +1119,16 @@ static ssize_t proc_loginuid_write(struct file * file, const char __user * buf,
 		goto out_free_page;
 
 	}
-	kloginuid = make_kuid(file->f_cred->user_ns, loginuid);
-	if (!uid_valid(kloginuid)) {
-		length = -EINVAL;
-		goto out_free_page;
+
+	/* is userspace tring to explicitly UNSET the loginuid? */
+	if (loginuid == AUDIT_UID_UNSET) {
+		kloginuid = INVALID_UID;
+	} else {
+		kloginuid = make_kuid(file->f_cred->user_ns, loginuid);
+		if (!uid_valid(kloginuid)) {
+			length = -EINVAL;
+			goto out_free_page;
+		}
 	}
 
 	length = audit_set_loginuid(kloginuid);
diff --git a/kernel/auditsc.c b/kernel/auditsc.c
index bbc5a4f..eea28c1 100644
--- a/kernel/auditsc.c
+++ b/kernel/auditsc.c
@@ -2017,7 +2017,9 @@ int audit_set_loginuid(kuid_t loginuid)
 	if (rc)
 		goto out;
 
-	sessionid = atomic_inc_return(&session_id);
+	/* are we setting or clearing? */
+	if (uid_valid(loginuid))
+		sessionid = atomic_inc_return(&session_id);
 
 	task->sessionid = sessionid;
 	task->loginuid = loginuid;
-- 
1.8.2.1

next prev parent reply	other threads:[~2013-05-24 16:11 UTC|newest]

Thread overview: 32+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2013-05-24 16:11 [PATCH 1/7] audit: implement generic feature setting and retrieving Eric Paris
2013-05-24 16:11 ` [PATCH 2/7] selinux: apply selinux checks on new audit message types Eric Paris
2013-05-24 16:11 ` [PATCH 3/7] audit: loginuid functions coding style Eric Paris
2013-05-24 16:11 ` [PATCH 4/7] audit: remove CONFIG_AUDIT_LOGINUID_IMMUTABLE Eric Paris
2013-05-24 16:11 ` Eric Paris [this message]
2013-05-24 16:11 ` [PATCH 6/7] audit: audit feature to only allow unsetting the loginuid Eric Paris
2013-05-24 16:11 ` [PATCH 7/7] audit: audit feature to set loginuid immutable Eric Paris
2013-07-08 20:34   ` Steve Grubb
2013-07-08 20:51     ` Eric Paris
2013-07-08 21:26       ` Steve Grubb
2013-07-08 21:32         ` Eric Paris
2013-07-09 22:24           ` Steve Grubb
2013-07-09 23:51             ` LC Bruzenak
2013-07-10 13:46               ` Steve Grubb
2013-07-10 14:32                 ` LC Bruzenak
2013-07-10 18:16                   ` Eric Paris
2013-07-10 18:51                     ` LC Bruzenak
2013-07-10 19:02                       ` LC Bruzenak
2013-07-10 19:09                       ` Eric Paris
2013-05-24 16:28 ` [PATCH 1/7] audit: implement generic feature setting and retrieving Eric Paris
2013-05-24 20:41   ` William Roberts
2013-05-24 20:56     ` William Roberts
2013-05-30 17:20 ` Richard Guy Briggs
2013-07-08 20:28 ` Steve Grubb
2013-07-08 21:55   ` Eric Paris
2013-07-09  1:18     ` William Roberts
2013-07-09 18:30     ` Steve Grubb
2013-07-09 20:59       ` Eric Paris
2013-07-09 22:08 ` Steve Grubb
2013-11-02  7:26 ` Richard Guy Briggs
2013-11-02 14:44   ` Eric Paris
2014-08-22 21:58 ` Steve Grubb

find likely ancestor, descendant, or conflicting patches for this message:
( dfblob:69078c7 dfblob:33d0d0b dfblob:bbc5a4f dfblob:eea28c1 )
 OR (
bs:"[PATCH 5/7] audit: allow unsetting the loginuid (with priv)" )
	(help)

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=1369411910-13777-5-git-send-email-eparis@redhat.com \
    --to=eparis@redhat.com \
    --cc=linux-audit@redhat.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox