From mboxrd@z Thu Jan  1 00:00:00 1970
From: Steve Beattie <sbeattie@suse.de>
Subject: proc_loginuid_write() checks wrong capability?
Date: Tue, 6 Feb 2007 10:27:15 -0800
Message-ID: <20070206182715.GA25164@suse.de>
Mime-Version: 1.0
Content-Type: multipart/mixed; boundary="===============0702721214=="
Return-path: <linux-audit-bounces@redhat.com>
Received: from mx1.redhat.com (mx1.redhat.com [172.16.48.31])
	by int-mx1.corp.redhat.com (8.13.1/8.13.1) with ESMTP id l16IRU6N026422
	for <linux-audit@redhat.com>; Tue, 6 Feb 2007 13:27:30 -0500
Received: from lizaveta.nxnw.org (208-151-246-43.dq1sn.easystreet.com
	[208.151.246.43])
	by mx1.redhat.com (8.13.1/8.13.1) with ESMTP id l16IRSHF007819
	for <linux-audit@redhat.com>; Tue, 6 Feb 2007 13:27:28 -0500
Received: from kryten.int.wirex.com (cerebus.immunix.com [198.145.28.33])
	(using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits))
	(Client CN "kryten.int.wirex.com", Issuer "nxnw.org" (verified OK))
	by lizaveta.nxnw.org (Postfix) with ESMTP id 772E032E2B
	for <linux-audit@redhat.com>; Tue,  6 Feb 2007 10:27:18 -0800 (PST)
List-Unsubscribe: <https://www.redhat.com/mailman/listinfo/linux-audit>,
	<mailto:linux-audit-request@redhat.com?subject=unsubscribe>
List-Archive: <https://www.redhat.com/archives/linux-audit>
List-Post: <mailto:linux-audit@redhat.com>
List-Help: <mailto:linux-audit-request@redhat.com?subject=help>
List-Subscribe: <https://www.redhat.com/mailman/listinfo/linux-audit>,
	<mailto:linux-audit-request@redhat.com?subject=subscribe>
Sender: linux-audit-bounces@redhat.com
Errors-To: linux-audit-bounces@redhat.com
To: linux-audit@redhat.com
List-Id: linux-audit@redhat.com


--===============0702721214==
Content-Type: multipart/signed; micalg=pgp-sha1;
	protocol="application/pgp-signature"; boundary="jRHKVT23PllUwdXP"
Content-Disposition: inline


--jRHKVT23PllUwdXP
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

Hi,

Looking at the code for proc_loginuid_write() in Linus' git tree, the
capability CAP_AUDIT_CONTROL is needed to write to /proc/pid/loginuid
and generate LOGIN type records. This seems to run counter to the
capabilities(7) manpage, which suggests that CAP_AUDIT_CONTROL is to
"Enable and disable kernel auditing; change auditing filter rules;
retrieve auditing status and filtering rules", whereas CAP_AUDIT_WRITE
is to "Allow records to be written to kernel auditing log."

Should the following patch be applied, or am I misunderstanding
something? It doesn't seem quite right that anything that makes use of
pam_loginuid.so should need to be granted the capability that allows
enabling and disabling kernel auditing or changing filter rules.

Signed-off-by: Steve Beattie <sbeattie@suse.de>
---
 fs/proc/base.c |    2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

Index: kernel-linus/fs/proc/base.c
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D
--- kernel-linus.orig/fs/proc/base.c
+++ kernel-linus/fs/proc/base.c
@@ -741,7 +741,7 @@ static ssize_t proc_loginuid_write(struc
 	ssize_t length;
 	uid_t loginuid;
=20
-	if (!capable(CAP_AUDIT_CONTROL))
+	if (!capable(CAP_AUDIT_WRITE))
 		return -EPERM;
=20
 	if (current !=3D pid_task(proc_pid(inode), PIDTYPE_PID))

Thanks.
--=20
Steve Beattie
SUSE Labs, Novell Inc.=20
<sbeattie@suse.de>
http://NxNW.org/~steve/

--jRHKVT23PllUwdXP
Content-Type: application/pgp-signature
Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (GNU/Linux)

iD8DBQFFyMiDquBH+DuYavMRAsbZAJ40SbN6cDNxUeS6RP3L2GgwYz2NtwCgn6aS
5m1czDw62OTySFC0lxuPu3U=
=kkAX
-----END PGP SIGNATURE-----

--jRHKVT23PllUwdXP--


--===============0702721214==
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Disposition: inline


--===============0702721214==--