Re: [PATCH] Add audit uid to netlink credentials
On Thu, 2005-02-10 at 07:40 -0500, Stephen Smalley wrote:
To be precise, isn't it true that someone with only
CAP_AUDIT_WRITE
would only be able to spoof loginuids in the AUDIT_USER messages they
generate? The loginuid on any syscall audit messages for the task would
still be the one associated with the task's audit context, so that would
not be spoofable.
Correct.
--
dwmw2