From: David Woodhouse <dwmw2@infradead.org>
To: Linux Audit Discussion <linux-audit@redhat.com>
Cc: netdev@oss.sgi.com, davem@davemloft.net, kuznet@ms2.inr.ac.ru
Subject: Re: [PATCH] Add audit uid to netlink credentials
Date: Wed, 09 Feb 2005 14:17:00 +0000
Message-ID: <1107958621.19262.524.camel@hades.cambridge.redhat.com>
In-Reply-To: <20050204165840.GA2320@IBM-BWN8ZTBWA01.austin.ibm.com>
On Fri, 2005-02-04 at 10:58 -0600, Serge E. Hallyn wrote:
> Most audit control messages are sent over netlink. In order to properly
> log the identity of the sender of audit control messages, we would like
> to add the loginuid to the netlink_creds structure, as per the attached
> patch.
I think it would be better to leave the loginuid in the payload of the
audit packets, not put it into generic netlink structures.
In the common case where audit messages are being generated by the
kernel, the loginuid can be trusted anyway, and doesn't need to be
handled by netlink.
The only time it's possibly worth verifying it is for the case where
userspace is sending AUDIT_USER messages -- for which the process needs
CAP_AUDIT_WRITE anyway. And if you're then going to trust the rest of
what that process sends, what's wrong with trusting the loginuid which
it provides too?
Why should it be impossible for a trusted logging dæmon to log actions
of another process, running with a loginuid other than the loginuid of
the dæmon?
--
dwmw2
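As an added illustration of the design argued for above (example code written for this page, not from the thread or the patch under discussion): the sender puts the loginuid inside the text payload of an AUDIT_USER netlink record, and the receiver parses it back only after it has already established that the sender holds CAP_AUDIT_WRITE. Assumed here: the Linux `<linux/netlink.h>` and `<linux/audit.h>` headers, and an `auid=` key and payload layout that I chose for the example.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <linux/audit.h>
#include <linux/netlink.h>

#define AUDIT_PAYLOAD_MAX 256

/* One AUDIT_USER record: netlink header followed by a text payload.
 * The loginuid rides in the payload as "auid=", not in netlink_creds.
 * (Layout and key name are this example's choice, not the thread's.) */
struct audit_user_msg {
    struct nlmsghdr nlh;
    char payload[AUDIT_PAYLOAD_MAX];
};

/* Sender side. Returns the total nlmsg_len, or 0 if the text does not fit. */
size_t build_audit_user_msg(struct audit_user_msg *msg, uint32_t loginuid,
                            uint32_t pid, const char *text)
{
    int n = snprintf(msg->payload, sizeof msg->payload,
                     "auid=%u pid=%u msg='%s'", loginuid, pid, text);
    if (n < 0 || (size_t)n >= sizeof msg->payload)
        return 0;
    memset(&msg->nlh, 0, sizeof msg->nlh);
    msg->nlh.nlmsg_len = NLMSG_LENGTH(n + 1);  /* header + NUL-terminated text */
    msg->nlh.nlmsg_type = AUDIT_USER;
    msg->nlh.nlmsg_flags = NLM_F_REQUEST | NLM_F_ACK;
    msg->nlh.nlmsg_pid = pid;
    return msg->nlh.nlmsg_len;
}

/* Receiver side; caller has already checked CAP_AUDIT_WRITE on the sender.
 * Returns the payload loginuid, or -1 for a non-AUDIT_USER record, a
 * malformed length, an unterminated payload, or a missing auid= field. */
long loginuid_from_payload(const struct audit_user_msg *msg)
{
    if (msg->nlh.nlmsg_type != AUDIT_USER || msg->nlh.nlmsg_len < NLMSG_HDRLEN)
        return -1;
    size_t textlen = msg->nlh.nlmsg_len - NLMSG_HDRLEN;
    if (textlen == 0 || textlen > sizeof msg->payload || msg->payload[textlen - 1])
        return -1;
    const char *p = strstr(msg->payload, "auid=");
    if (!p)
        return -1;
    char *end;
    unsigned long v = strtoul(p + 5, &end, 10);
    return (end == p + 5 || v > UINT32_MAX) ? -1 : (long)v;
}

/* Build a record of the given netlink type and parse it back (round trip). */
long roundtrip_loginuid(uint32_t loginuid, uint16_t type)
{
    struct audit_user_msg m;
    if (!build_audit_user_msg(&m, loginuid, 4242, "user login via sshd"))
        return -1;
    m.nlh.nlmsg_type = type;                   /* lets a caller test rejection */
    return loginuid_from_payload(&m);
}
```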