Re: [PATCH] LOGIN message credentials
* Steve Grubb (sgrubb(a)redhat.com) wrote:
Hello,
I was testing the kernel and found a problem where the credentials are not
being recorded for LOGIN messages. Here's a typical message:
type=LOGIN msg=audit(1114444861.363:0): login pid=0 uid=0 old
loginuid=4294967295 new loginuid=0
The pid cannot be 0. The problem is that the kernel code assumes the
information is in the audit context. What if audit_get_context has never been
called for that process?
Attached is a patch that passes the needed info out of the task struct to the
function that emits the message.
Any reason not to simply pass the task in?
thanks,
-chris
--
Linux Security Modules http://lsm.immunix.org http://lsm.bkbits.net