Two netlink patches
Stephen Smalley
sds at epoch.ncsc.mil
Wed Dec 15 21:26:39 UTC 2004
On Wed, 2004-12-15 at 17:05, Serge Hallyn wrote:
<snip>
+static int cap_netlink_audit_check (struct sk_buff *skb)
+{
+ int msgtype = netlink_get_msgtype(skb);
+
+ switch(msgtype) {
+ case 0: /* not an audit msg */
+
+ case AUDIT_GET:
+ case AUDIT_LIST:
+ return 0;
+
+ case AUDIT_SET:
+ case AUDIT_USER:
+ case AUDIT_LOGIN:
+
+ case AUDIT_ADD:
+ case AUDIT_DEL:
+ if (!capable(CAP_SYS_ADMIN))
+ return -EPERM;
+ return 0;
+
+ default: /* permission denied: bad msg */
+ return msgtype;
+ }
<snip>
Shouldn't this function return -EPERM in the default case, not the
msgtype?
Also, do we truly need separate dummy and commoncap implementations, or
can capability re-use the dummy function (as long as it internally calls
the top-level capable function)? Or do you plan on changing that to not
use the top-level capable function?
--
Stephen Smalley <sds at epoch.ncsc.mil>
National Security Agency
More information about the Linux-audit
mailing list