Re: [PATCH] Add audit uid to netlink credentials
On Wed, 2005-02-09 at 15:38 -0800, Chris Wright wrote:
> So you also think it should be in the payload? That would
require
> security_netlink_send to dig into the payload if we wanted to control
> who can specify other loginuids, as Serge noted.
I just don't see it making sense to add another credential for a special
case. The signal code already peaks into the siginfo struct when queueing
a signal to make sure some user isn't trying to send si_code == SI_KERNEL
or similar. Perhaps audit could do that with it's own payload during send.
No matter how we slice it, it's a special case.
I'm not entirely sure the check is needed anyway. This is a trusted
application sending audit messages. Why shouldn't it be permitted to log
auditable events which were triggered by someone _else_?
If we want to audit the actions of the userspace logging dæmon itself
and see what it sends, then we can quite happily do so within the audit
framework. That's a _different_ issue, surely?
--
dwmw2