audit capability checks not audited
Steve Grubb
sgrubb at redhat.com
Tue May 17 13:12:16 UTC 2005
On Tuesday 17 May 2005 08:53, Stephen Smalley wrote:
> I'm assuming it is being caused by libpam, although I don't know much
> beyond the fact that vsftpd stopped working without it.
Then I'll ask Dan what's wrong. I think that libpam should probably be fixed
if that is indeed the problem.
> > What are we doing wrong? Shouldn't it be a matter of calling the right
> > selinux function for a capabilities check after the DAC checks?
>
> Even if you changed audit_netlink_ok() to call a LSM hook
> rather than directly performing a cap_raised() test, SELinux wouldn't
> know the security context of the sender, since that isn't saved with the
> netlink message.
We need to do this for LSPP, so maybe we should take that step if needed.
> Simplest solution is Chris' earlier patches to allow
> callbacks to be registered for netlink send so that audit_netlink_ok()
> checking can occur at send time.
My only concern is whether or not this will impact the user space side.
-Steve
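The two placements of the check that the exchange above discusses, modelled as a user-space C program. This is an added example written for this page, not code from the thread, from the kernel, or from libpam. The names audit_netlink_ok() and cap_raised() are reused from the kernel only as simplified stand-ins; struct task, struct nl_msg, register_send_hook(), netlink_send(), selinux_audit_send_hook(), audit_init_hooks(), the two admitted_at_*() helpers, the capability bit positions and the SELinux label strings are all hypothetical or constructed for the model. The point it shows is the one Stephen makes: a receive-time check only sees what was saved with the queued message (pid and effective caps), so a label-based decision is impossible there, whereas a callback run at send time sees the sending task itself.

```c
#include <errno.h>
#include <stdio.h>
#include <string.h>

/* Capability bits in the style of kernel_cap_t; the bit positions are invented for this model. */
#define CAP_AUDIT_WRITE   (1u << 0)
#define CAP_AUDIT_CONTROL (1u << 1)

/* Two audit message classes: AUDIT_USER-style records and AUDIT_SET-style control requests. */
enum msg_type { MSG_AUDIT_USER = 0, MSG_AUDIT_SET = 1 };

/* The sending task as the kernel sees it while still in the send path (hypothetical struct). */
struct task {
    unsigned eff_cap;     /* effective capability set */
    const char *secctx;   /* SELinux security context of the sender */
};

/* What a queued netlink message keeps about its sender: pid and effective caps, no label. */
struct nl_msg {
    int pid;
    unsigned eff_cap;
    enum msg_type type;
};

static int cap_raised(unsigned caps, unsigned cap)
{
    return (caps & cap) != 0;
}

/* Receive-time check in the shape of audit_netlink_ok() testing cap_raised() directly.
 * Only the data carried in the message is visible here, so even as an LSM hook it could
 * not consult the sender's label. */
int audit_netlink_ok(const struct nl_msg *msg)
{
    switch (msg->type) {
    case MSG_AUDIT_SET:
        return cap_raised(msg->eff_cap, CAP_AUDIT_CONTROL) ? 0 : -EPERM;
    case MSG_AUDIT_USER:
        return cap_raised(msg->eff_cap, CAP_AUDIT_WRITE) ? 0 : -EPERM;
    }
    return -EINVAL;
}

/* Send-time callback registry: a hypothetical API modelled on the proposal in the thread. */
typedef int (*send_hook_t)(const struct task *sender, enum msg_type type);
#define MAX_HOOKS 4
static send_hook_t hooks[MAX_HOOKS];
static int nhooks;

int register_send_hook(send_hook_t hook)
{
    if (nhooks == MAX_HOOKS)
        return -ENOSPC;
    hooks[nhooks++] = hook;
    return 0;
}

/* Runs in the sender's context: the capability check and every registered hook execute
 * before the message is queued, and the hooks see the task itself, not only the message. */
int netlink_send(const struct task *sender, enum msg_type type, struct nl_msg *out)
{
    out->pid = 0;
    out->eff_cap = sender->eff_cap;
    out->type = type;
    int err = audit_netlink_ok(out);
    if (err)
        return err;
    for (int i = 0; i < nhooks; i++) {
        err = hooks[i](sender, type);
        if (err)
            return err;
    }
    return 0;
}

/* Stand-in for an SELinux decision: only a constructed auditctl_t domain may send control messages. */
static int selinux_audit_send_hook(const struct task *sender, enum msg_type type)
{
    if (type == MSG_AUDIT_SET && strcmp(sender->secctx, "system_u:system_r:auditctl_t") != 0)
        return -EACCES;
    return 0;
}

int audit_init_hooks(void)
{
    return nhooks == 0 ? register_send_hook(selinux_audit_send_hook) : 0;
}

/* Outcome helpers: 1 if the message is admitted, 0 if it is refused. */
int admitted_at_receive(unsigned eff_cap, enum msg_type type)
{
    struct nl_msg msg = { .pid = 0, .eff_cap = eff_cap, .type = type };
    return audit_netlink_ok(&msg) == 0;
}

int admitted_at_send(unsigned eff_cap, const char *secctx, enum msg_type type)
{
    struct task sender = { eff_cap, secctx };
    struct nl_msg msg;
    return netlink_send(&sender, type, &msg) == 0;
}

int main(void)
{
    audit_init_hooks();
    /* Constructed sender: holds CAP_AUDIT_CONTROL but runs in an unconfined domain. */
    unsigned caps = CAP_AUDIT_WRITE | CAP_AUDIT_CONTROL;
    const char *ctx = "unconfined_u:unconfined_r:unconfined_t";
    printf("receive-time check: %s\n", admitted_at_receive(caps, MSG_AUDIT_SET) ? "allowed" : "denied");
    printf("send-time hook:     %s\n", admitted_at_send(caps, ctx, MSG_AUDIT_SET) ? "allowed" : "denied");
    return 0;
}
```

The first printed line is "allowed" and the second "denied": the capability alone satisfies the receive-side test, while the send-time hook can refuse the same caller because the sender's domain is wrong. Moving audit_netlink_ok() into netlink_send() also keeps the DAC-style capability check ahead of the label check, the ordering Steve asks about.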