On Wed, 2005-02-09 at 16:19 -0800, Chris Wright wrote:
Then it comes back to the question of how to protect loginuid. If
it
can be spoofed by someone with CAP_AUDIT_WRITE, then it shouldn't be
write protected by CAP_AUDIT_CONTROL.
I'm not sure I agree with that. With CAP_AUDIT_WRITE you _can't_ modify
the loginuid of the audit logs of your own actions. You can only modify
the loginuid on the messages you pull out of thin air and send. You can
already make up the rest of the payload -- why shouldn't you be allowed
to make up the loginuid too? You could be reporting something that
someone _else_ has done, after all.
Or am I misunderstanding the intended use of CAP_AUDIT_WRITE?
--
dwmw2