[RFC][PATCH] Inherit loginuid from parent
Serge Hallyn
serue at us.ibm.com
Thu Jan 6 21:18:28 UTC 2005
Yes, that has to have been a typo... The patch certainly looks correct.
(will test later today)
thanks,
-serge
On Thu, 2005-01-06 at 13:27 -0500, Stephen Smalley wrote:
> Hi,
>
> I might be mis-reading the code, but it appears that the current
> audit_alloc() code is not preserving the loginuid of the parent process
> for the child process upon a fork or clone. Instead, it is checking to
> see if the just-created child has an existing audit context and if so,
> copies the loginuid from it, which seems nonsensical, especially as it
> does nothing to free any existing audit context if one exists already.
> Does this patch look correct? In this context, tsk == the child, and
> current == the parent. The child has not yet started execution at this
> point; it is still being setup by the fork/clone code.
>
> --- linux-2.6.10/kernel/auditsc.c.orig 2005-01-06 13:11:51.000000000 -0500
> +++ linux-2.6.10/kernel/auditsc.c 2005-01-06 13:14:28.000000000 -0500
> @@ -549,8 +549,8 @@ int audit_alloc(struct task_struct *tsk)
>
> /* Preserve login uid */
> context->loginuid = -1;
> - if (tsk->audit_context)
> - context->loginuid = tsk->audit_context->loginuid;
> + if (current->audit_context)
> + context->loginuid = current->audit_context->loginuid;
>
> tsk->audit_context = context;
> set_tsk_thread_flag(tsk, TIF_SYSCALL_AUDIT);
>
--
Serge Hallyn <serue at us.ibm.com>
More information about the Linux-audit
mailing list