[PATCH] Add audit uid to netlink credentials

David Woodhouse dwmw2 at infradead.org
Wed Feb 9 23:56:09 UTC 2005


On Wed, 2005-02-09 at 15:38 -0800, Chris Wright wrote:
>> So you also think it should be in the payload?  That would require
>> security_netlink_send to dig into the payload if we wanted to control
>> who can specify other loginuids, as Serge noted.
>
>I just don't see it making sense to add another credential for a special
>case.  The signal code already peeks into the siginfo struct when queueing
>a signal to make sure some user isn't trying to send si_code == SI_KERNEL
>or similar.  Perhaps audit could do that with its own payload during send.
>No matter how we slice it, it's a special case.

I'm not entirely sure the check is needed anyway. This is a trusted
application sending audit messages. Why shouldn't it be permitted to log
auditable events which were triggered by someone _else_?

If we want to audit the actions of the userspace logging dæmon itself
and see what it sends, then we can quite happily do so within the audit
framework. That's a _different_ issue, surely?

-- 
dwmw2
