[PATCH] LOGIN message credentials
Chris Wright
chrisw at osdl.org
Mon Apr 25 16:23:21 UTC 2005
* Steve Grubb (sgrubb at redhat.com) wrote:
> Hello,
>
> I was testing the kernel and found a problem where the credentials are not
> being recorded for LOGIN messages. Here's a typical message:
>
> type=LOGIN msg=audit(1114444861.363:0): login pid=0 uid=0 old
> loginuid=4294967295 new loginuid=0
>
> The pid cannot be 0. The problem is that the kernel code assumes the
> information is in the audit context. What if audit_get_context has never been
> called for that process?
>
> Attached is a patch that passes the needed info out of the task struct to the
> function that emits the message.
Any reason not to simply pass the task in?
thanks,
-chris
--
Linux Security Modules http://lsm.immunix.org http://lsm.bkbits.net
More information about the Linux-audit
mailing list