On Wed, 2004-09-15 at 10:02, Stephen Smalley wrote:
 On Wed, 2004-09-15 at 09:59, Serge Hallyn wrote:
  	case AUDIT_SET:
 -		if (!capable(CAP_SYS_ADMIN))
 -			return -EPERM;
 +		err = security_audit_set(status_get->mask);
 +		if (err)
 +			return err;
  		status_get   = (struct audit_status *)data;
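Review bot: security_audit_set(status_get->mask) on the first added line reads through status_get before the unchanged line below assigns it from data, so the hook is handed a value that does not come from this message. Move the call after "status_get = (struct audit_status *)data;" and check there that the payload is at least sizeof(struct audit_status) before the cast result is used. The removed capable(CAP_SYS_ADMIN) test is the only privilege check visible in this case, so it is worth confirming that the hook's default keeps an equivalent check.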
 
 Hook is called _before_ setting of status_get? 
Good point, we should send the status_get to the hook for finer-grained
controls.
   And what checks that the
 data length is at least sizeof(struct audit_status)?  Looks like the
 existing code is assuming that the caller didn't send a short message. 
True.
 
 @@ -364,8 +365,9 @@ static int audit_receive_msg(struct sk_b
  		audit_log_end(ab);
  		break;
  	case AUDIT_LOGIN:
 -		if (!capable(CAP_SYS_ADMIN))
 -			return -EPERM;
 +		err = security_audit_login();
 +		if (err)
 +			return err;
  		login = (struct audit_login *)data;
  		ab = audit_log_start(NULL);
  		if (ab) {
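Review bot: security_audit_login() is called with no arguments and before login is taken from data, so a security module cannot base its decision on the login values being requested. Call it after "login = (struct audit_login *)data;" with login as an argument, once the payload length has been checked against sizeof(struct audit_login). As with AUDIT_SET, the removed capable(CAP_SYS_ADMIN) test is the only privilege check visible here, so the hook's default should preserve it.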
 
 Why not call the hook after extracting the data (and again, checking the
 length) and pass the audit_login info to the hook.
 
 I would also suggest a hook on AUDIT_USER. 
Thanks, I will send a new patch with each of these incorporated.
-serge
-- 
=======================================================
Serge Hallyn
Security Software Engineer, IBM Linux Technology Center
serue(a)us.ibm.com
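
The ordering this review converges on (length check, then extraction, then the hook with the parsed data, then the action), shown as an added user-space example; it is not code from the patch or from the kernel. struct demo_status, demo_hook_audit_set and demo_receive_set are hypothetical names, and the hook's policy is invented for illustration.

```c
#include <errno.h>
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Hypothetical stand-in for the kernel's struct audit_status. */
struct demo_status { uint32_t mask; uint32_t enabled; };

/* Hypothetical policy hook. It receives the parsed request, so it can
 * decide per field; this one refuses any request with mask bit 0x4. */
static int demo_hook_audit_set(const struct demo_status *s)
{
    return (s->mask & 0x4u) ? -EPERM : 0;
}

static uint32_t demo_enabled; /* state changed by an accepted request */

/* Order matters: length check, extraction, hook, then the action. */
int demo_receive_set(const void *data, size_t len)
{
    struct demo_status req;
    int err;

    if (data == NULL || len < sizeof(req))
        return -EINVAL;              /* short message: never read past it */
    memcpy(&req, data, sizeof(req)); /* copy avoids alignment assumptions */

    err = demo_hook_audit_set(&req); /* hook sees this message's fields */
    if (err)
        return err;
    if (req.mask & 0x1u)
        demo_enabled = req.enabled;
    return 0;
}

uint32_t demo_get_enabled(void) { return demo_enabled; }

int main(void)
{
    struct demo_status ok = { 0x1u, 1u }; /* constructed sample request */
    return demo_receive_set(&ok, sizeof(ok)) == 0 ? 0 : 1;
}
```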