* Executable permissions
@ 2006-12-13 16:00 Karl MacMillan
2006-12-13 16:11 ` Steve Grubb
0 siblings, 1 reply; 5+ messages in thread
From: Karl MacMillan @ 2006-12-13 16:00 UTC (permalink / raw)
To: linux-audit
Is there a reason that the audit tools that take a file name paramater
(-if) are not executable by non-root users? This prevents their use by
an admin to do analysis of saved audit logs with an unprivileged user login.
Thanks - Karl
^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: Executable permissions
2006-12-13 16:00 Executable permissions Karl MacMillan
@ 2006-12-13 16:11 ` Steve Grubb
2006-12-13 16:19 ` Linda Knippers
2006-12-13 16:20 ` Karl MacMillan
0 siblings, 2 replies; 5+ messages in thread
From: Steve Grubb @ 2006-12-13 16:11 UTC (permalink / raw)
To: linux-audit
On Wednesday 13 December 2006 11:00, Karl MacMillan wrote:
> Is there a reason that the audit tools that take a file name paramater
> (-if) are not executable by non-root users?
Current tools do not.
[root src]# grep getuid *.c
auditctl.c: if (getuid() != 0) {
auditctl.c: if (getuid() != 0) {
Must be root to send netlink
auditd.c: if (getuid() != 0) {
Must be root to read netlink
autrace.c: if (getuid() != 0) {
Must be root to write to netlink.
-Steve
^ permalink raw reply [flat|nested] 5+ messages in thread* Re: Executable permissions
2006-12-13 16:11 ` Steve Grubb
@ 2006-12-13 16:19 ` Linda Knippers
2006-12-13 16:20 ` Karl MacMillan
1 sibling, 0 replies; 5+ messages in thread
From: Linda Knippers @ 2006-12-13 16:19 UTC (permalink / raw)
To: Steve Grubb; +Cc: linux-audit
Steve Grubb wrote:
> On Wednesday 13 December 2006 11:00, Karl MacMillan wrote:
>
>>Is there a reason that the audit tools that take a file name paramater
>>(-if) are not executable by non-root users?
>
>
> Current tools do not.
>
> [root src]# grep getuid *.c
> auditctl.c: if (getuid() != 0) {
> auditctl.c: if (getuid() != 0) {
>
> Must be root to send netlink
>
> auditd.c: if (getuid() != 0) {
>
> Must be root to read netlink
>
> autrace.c: if (getuid() != 0) {
>
> Must be root to write to netlink.
I think Karl is talking about the mode bits. The audit tools
are 750, owned by root,root, on my system, so not executable
by non-root users.
-- ljk
^ permalink raw reply [flat|nested] 5+ messages in thread* Re: Executable permissions
2006-12-13 16:11 ` Steve Grubb
2006-12-13 16:19 ` Linda Knippers
@ 2006-12-13 16:20 ` Karl MacMillan
2006-12-13 17:14 ` Steve Grubb
1 sibling, 1 reply; 5+ messages in thread
From: Karl MacMillan @ 2006-12-13 16:20 UTC (permalink / raw)
To: Steve Grubb; +Cc: linux-audit
Steve Grubb wrote:
> On Wednesday 13 December 2006 11:00, Karl MacMillan wrote:
>> Is there a reason that the audit tools that take a file name paramater
>> (-if) are not executable by non-root users?
>
> Current tools do not.
>
[root@localhost ~]# ls -l /sbin/au*
-rwxr-x--- 1 root root 3080 Dec 1 11:37 /sbin/audispd*
-rwxr-x--- 1 root root 88216 Dec 1 11:37 /sbin/auditctl*
-rwxr-x--- 1 root root 96068 Dec 1 11:37 /sbin/auditd*
-rwxr-x--- 1 root root 102864 Dec 1 11:37 /sbin/aureport*
-rwxr-x--- 1 root root 115420 Dec 1 11:37 /sbin/ausearch*
-rwxr-x--- 1 root root 68816 Dec 1 11:37 /sbin/autrace*
[root@localhost ~]# rpm -qa | grep audit
audit-libs-1.3-3.fc7
audit-1.3-3.fc7
audit-libs-python-1.3-3.fc7
audit-libs-devel-1.3-3.fc7
It's not the code, but rather the default permissions on the
executables. So this might just be a packaging problem.
Thanks - Karl
^ permalink raw reply [flat|nested] 5+ messages in thread
end of thread, other threads:[~2006-12-13 17:14 UTC | newest]
Thread overview: 5+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2006-12-13 16:00 Executable permissions Karl MacMillan
2006-12-13 16:11 ` Steve Grubb
2006-12-13 16:19 ` Linda Knippers
2006-12-13 16:20 ` Karl MacMillan
2006-12-13 17:14 ` Steve Grubb
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox