audit capability checks not audited

Steve Grubb sgrubb at redhat.com
Thu May 19 15:27:34 UTC 2005


On Tuesday 17 May 2005 09:12, Steve Grubb wrote:
> Then I'll ask Dan what's wrong. I think that libpam should probably be
> fixed if that is indeed the problem.

OK. I see the problem now.

In /fs/proc/base.c we have this code:

static ssize_t proc_loginuid_write(struct file * file, const char __user * buf,
                                   size_t count, loff_t *ppos)
{
        /* ... */
        if (!capable(CAP_AUDIT_CONTROL))
                return -EPERM;

So, this means that the pam module has to have CONTROL capabilities to set the 
loginuid. This is clearly not what we want. Should this be changed to WRITE 
or should we have another capability? Or, does anyone have another idea?

-Steve
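An added example, not part of this thread and not kernel or PAM code: a small Linux program that reads the caller's effective capability mask from /proc/self/status, applies the same test the quoted proc_loginuid_write() does (CAP_AUDIT_CONTROL, bit 30, versus CAP_AUDIT_WRITE, bit 29; both numbers are from include/linux/capability.h), and then attempts the loginuid write a PAM session module would perform, so the EPERM the message describes can be reproduced from an unprivileged shell. The functions cap_in_mask(), loginuid_write_permitted() and read_capeff() are names chosen here for illustration.

```c
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

/* Capability numbers as defined in include/linux/capability.h. */
#define CAP_AUDIT_WRITE   29
#define CAP_AUDIT_CONTROL 30

/* Return 1 if capability `cap` is set in a hex mask formatted the way
 * /proc/<pid>/status prints CapEff (e.g. "000001ffffffffff"), else 0. */
int cap_in_mask(const char *hex, int cap)
{
    unsigned long long mask = strtoull(hex, NULL, 16);
    if (cap < 0 || cap >= 64)
        return 0;
    return ((mask >> cap) & 1ULL) ? 1 : 0;
}

/* Mirror of the check quoted from fs/proc/base.c: the write only goes
 * through when the caller holds CAP_AUDIT_CONTROL. */
int loginuid_write_permitted(const char *capeff_hex)
{
    return cap_in_mask(capeff_hex, CAP_AUDIT_CONTROL);
}

/* Copy the hex digits of the CapEff line of /proc/self/status into `out`.
 * Returns 0 on success, -1 if the file or the line is missing. */
int read_capeff(char *out, size_t outlen)
{
    FILE *f = fopen("/proc/self/status", "r");
    char line[256];
    if (!f)
        return -1;
    while (fgets(line, sizeof line, f)) {
        if (strncmp(line, "CapEff:", 7) == 0) {
            const char *p = line + 7;
            while (*p == ' ' || *p == '\t')
                p++;
            size_t n = strcspn(p, "\r\n");
            if (n >= outlen)
                n = outlen - 1;
            memcpy(out, p, n);
            out[n] = '\0';
            fclose(f);
            return 0;
        }
    }
    fclose(f);
    return -1;
}

int main(void)
{
    char capeff[64];
    if (read_capeff(capeff, sizeof capeff) != 0) {
        perror("read /proc/self/status");
        return 1;
    }
    printf("CapEff=%s CAP_AUDIT_WRITE=%d CAP_AUDIT_CONTROL=%d\n", capeff,
           cap_in_mask(capeff, CAP_AUDIT_WRITE),
           cap_in_mask(capeff, CAP_AUDIT_CONTROL));
    if (!loginuid_write_permitted(capeff))
        printf("kernel check predicts EPERM on /proc/self/loginuid\n");

    /* The write a PAM session module would do: record our own uid. */
    int fd = open("/proc/self/loginuid", O_WRONLY);
    if (fd < 0) {
        perror("open /proc/self/loginuid");
        return 1;
    }
    char buf[32];
    int n = snprintf(buf, sizeof buf, "%u", (unsigned)getuid());
    if (write(fd, buf, (size_t)n) < 0)
        printf("write /proc/self/loginuid failed: %s\n", strerror(errno));
    else
        printf("loginuid set to %s\n", buf);
    close(fd);
    return 0;
}
```

Run it once as an ordinary user and once under a capability-granting wrapper (or as root) to see the two outcomes; note that on a kernel with only the CAP_AUDIT_CONTROL check, holding CAP_AUDIT_WRITE alone still yields EPERM, which is exactly the situation the message describes for the PAM module.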
