--- Stephen Smalley <sds(a)epoch.ncsc.mil> wrote:
 I actually got the impression (possibly wrong) from Casey's posting that
 the desired associations were CAP_AUDIT_WRITE for AUDIT_USER only, and
 CAP_AUDIT_CONTROL for all other operations, even AUDIT_GET and AUDIT_LIST
 (and AUDIT_LOGIN).
This is correct.
 That allows applications to write records to the audit trail without any
 other access.
This is correct.
 Of course, it means that login would be able to arbitrarily control
 auditing, since it needs AUDIT_LOGIN.
Login is a critical component in the system
security policy enforcement. It can be expected
to undergo sufficient analysis and review to
ensure that abuse of the audit system is unlikely.
=====
Casey Schaufler
casey(a)schaufler-ca.com
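The capability-to-message-type mapping the two of them agree on above, written out as a small fail-closed check. This is an added illustration, not kernel code and not code from either poster: the AUDIT_* message type numbers and the CAP_AUDIT_WRITE / CAP_AUDIT_CONTROL bit numbers are copied from what I assume <linux/audit.h> and <linux/capability.h> define, and the effective capability set is modelled as a plain 64-bit mask so the example builds without kernel headers. AUDIT_SET, AUDIT_ADD and AUDIT_DEL are not named in the thread; they are included only as further instances of "all other operations". One design choice to note: holding CAP_AUDIT_CONTROL does not imply CAP_AUDIT_WRITE here, so a pure control process cannot inject AUDIT_USER records, and an unknown message type is denied rather than falling through to the control case.

```c
#include <stdint.h>
#include <stdbool.h>
#include <stdio.h>

/* Audit netlink message types (values assumed from <linux/audit.h>). */
enum {
    AUDIT_GET   = 1000,
    AUDIT_SET   = 1001,
    AUDIT_LIST  = 1002,
    AUDIT_ADD   = 1003,
    AUDIT_DEL   = 1004,
    AUDIT_USER  = 1005,
    AUDIT_LOGIN = 1006,
};

/* Capability bit numbers (values assumed from <linux/capability.h>). */
#define CAP_AUDIT_WRITE   29
#define CAP_AUDIT_CONTROL 30
#define CAP_BIT(c)        (1ULL << (c))

/* Constructed model of a task's effective capability set. */
typedef uint64_t cap_set_t;

/*
 * Which capability a given message type demands under the policy in the
 * thread: CAP_AUDIT_WRITE for AUDIT_USER only, CAP_AUDIT_CONTROL for every
 * other operation, including the read-only AUDIT_GET/AUDIT_LIST and the
 * AUDIT_LOGIN message that login must send.  Returns -1 for anything else so
 * that the caller fails closed instead of treating it as a control message.
 */
static int audit_required_cap(int msg_type)
{
    switch (msg_type) {
    case AUDIT_USER:
        return CAP_AUDIT_WRITE;
    case AUDIT_GET:
    case AUDIT_SET:
    case AUDIT_LIST:
    case AUDIT_ADD:
    case AUDIT_DEL:
    case AUDIT_LOGIN:
        return CAP_AUDIT_CONTROL;
    default:
        return -1;
    }
}

/* Policy decision: may a sender holding `caps` issue `msg_type`? */
static bool audit_netlink_ok(cap_set_t caps, int msg_type)
{
    int need = audit_required_cap(msg_type);
    if (need < 0)
        return false;                 /* unknown type: deny */
    return (caps & CAP_BIT(need)) != 0;
}

int main(void)
{
    /* A record-writing application: CAP_AUDIT_WRITE and nothing else. */
    cap_set_t writer = CAP_BIT(CAP_AUDIT_WRITE);
    /* login: needs AUDIT_LOGIN, hence CAP_AUDIT_CONTROL, and can then do anything else too. */
    cap_set_t login  = CAP_BIT(CAP_AUDIT_CONTROL);

    printf("writer AUDIT_USER : %s\n", audit_netlink_ok(writer, AUDIT_USER)  ? "allowed" : "denied");
    printf("writer AUDIT_LIST : %s\n", audit_netlink_ok(writer, AUDIT_LIST)  ? "allowed" : "denied");
    printf("login  AUDIT_LOGIN: %s\n", audit_netlink_ok(login,  AUDIT_LOGIN) ? "allowed" : "denied");
    printf("login  AUDIT_SET  : %s\n", audit_netlink_ok(login,  AUDIT_SET)   ? "allowed" : "denied");
    printf("login  AUDIT_USER : %s\n", audit_netlink_ok(login,  AUDIT_USER)  ? "allowed" : "denied");
    return 0;
}
```

The last two lines of the demonstration are the point Stephen raises: because AUDIT_LOGIN sits in the CAP_AUDIT_CONTROL group, anything that must send it (login) is also able to change rules and settings, which is why Casey's reply leans on login being a reviewed, trusted component rather than on the capability split.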