[PATCH] enable /proc/$$/loginuid

Casey Schaufler casey at schaufler-ca.com
Fri Jan 14 22:37:07 UTC 2005


--- Stephen Smalley <sds at epoch.ncsc.mil> wrote:


> Why require CAP_AUDIT_CONTROL to read the loginuid? 

Since the loginuid identifies the individual who
will be held accountable for the action*, it should
be hidden from untrusted (unprivileged) users to
prevent an evil-minded program from taking actions
based on who will get the blame for them. This was
the guidance given us during the Trix B1 evaluation
of 1995.

----
* That's right, isn't it?


=====
Casey Schaufler
casey at schaufler-ca.com
