From mboxrd@z Thu Jan 1 00:00:00 1970 From: Casey Schaufler Subject: Re: proc_loginuid_write() checks wrong capability? Date: Tue, 6 Feb 2007 13:47:24 -0800 (PST) Message-ID: <20070206214724.63499.qmail@web36614.mail.mud.yahoo.com> References: <20070206195332.GD6698@suse.de> Reply-To: casey@schaufler-ca.com Mime-Version: 1.0 Content-Type: text/plain; charset=iso-8859-1 Content-Transfer-Encoding: quoted-printable Return-path: Received: from mx2.redhat.com (mx2.redhat.com [10.255.15.25]) by int-mx2.corp.redhat.com (8.13.1/8.13.1) with ESMTP id l16LlVpb029604 for ; Tue, 6 Feb 2007 16:47:32 -0500 Received: from web36614.mail.mud.yahoo.com (web36614.mail.mud.yahoo.com [209.191.85.31]) by mx2.redhat.com (8.13.1/8.13.1) with SMTP id l16LlTQQ000746 for ; Tue, 6 Feb 2007 16:47:30 -0500 In-Reply-To: <20070206195332.GD6698@suse.de> List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Sender: linux-audit-bounces@redhat.com Errors-To: linux-audit-bounces@redhat.com To: Steve Beattie Cc: linux-audit@redhat.com List-Id: linux-audit@redhat.com --- Steve Beattie wrote: > Ah, thanks Stephen and Casey, for explaining the > reasoning. It does have > the unfortunate side effect of causing > CAP_AUDIT_CONTROL to be needed > more widely than one might expect. The appropriate granularity of capabilities has always been and will always be a contentious issue, with the fashion shifting whimsically. Writing audit records is pretty clearly a different beast than setting audit attributes, but since there is significant overlap between the programs that set audit state and those that write audit records you could make a case for either making a seperate capability for setting the loginid or for having a single CAP_AUDIT. Heck, at one time or another I've argued each way. I expect that the current granularity is sufficiently obvious and useful to leave alone, at least for the time being. Casey Schaufler casey@schaufler-ca.com