* David Woodhouse (dwmw2(a)infradead.org) wrote:
> On Wed, 2005-02-09 at 15:38 -0800, Chris Wright wrote:
> > I just don't see it making sense to add another credential for a special
> > case. The signal code already peeks into the siginfo struct when queueing
> > a signal to make sure some user isn't trying to send si_code == SI_KERNEL
> > or similar. Perhaps audit could do that with its own payload during send.
> > No matter how we slice it, it's a special case.
>
> I'm not entirely sure the check is needed anyway. This is a trusted
> application sending audit messages. Why shouldn't it be permitted to log
> auditable events which were triggered by someone _else_?

Then it comes back to the question of how to protect loginuid. If it
can be spoofed by someone with CAP_AUDIT_WRITE, then it shouldn't be
write protected by CAP_AUDIT_CONTROL.

thanks,
-chris
--
Linux Security Modules
http://lsm.immunix.org http://lsm.bkbits.net