[RFC][PATCH] collect security labels on user processes generating audit messages

Darrel Goeddel dgoeddel at trustedcs.com
Wed Feb 15 21:05:27 UTC 2006


Timothy R. Chavez wrote:
> James & Stephen,
> 
> Thank you for the comments.  While implementing your feedback I came
> across a pretty severe bug.  I was basically obtaining the sid and then
> throwing it away (I was returning it from the function, but not actually
> assigning it to anything).  New patch below.  I still need to test this
> a little more.  Thanks!
> 
> -tim

Should you really be using an lsm interface for getting the sid?  The
patch is currently allowing any security module to put a secid (whose
comment says SELinux security id) into the netlink_skb_params struct.
This generic item is then only used in SELinux specific calls.  It
seems that the getsecid functionality could just fit into an SELinux
specific API just like selinux_id_to_ctx and friends.  That would also
avoid the overhead of lsm and all of the associated code changes.  Of
course this is probably moot if there are other planned uses for
security_task_getsecid().

-- 

Darrel
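The concern above (a generic LSM slot whose consumer assumes SELinux semantics) can be modelled in a few dozen lines of user-space C. The following is an added illustration, not code from the patch or from the kernel: every struct, table and name in it is constructed for the example (`_model` suffixes mark the mock-ups of `netlink_skb_parms`, the security ops table and `selinux_sid_to_context`). It shows that when a non-SELinux module fills the `sid` field, the SELinux-specific translation can silently return a wrong label, and that either keeping the lookup SELinux-specific or gating on the active module avoids that.

```c
/* Added example (not from the thread): user-space model of a generic
 * task_getsecid hook feeding an SELinux-specific sid-to-context lookup.
 * All names, tables and values are constructed for illustration. */
#include <stdint.h>
#include <string.h>

typedef uint32_t u32;

/* Model of the per-skb netlink parameters: a generic slot whose
 * comment (per the patch) calls it an "SELinux security id". */
struct netlink_skb_parms_model {
    u32 pid;
    u32 sid;
};

/* Model of a security-module ops table carrying a task_getsecid hook. */
struct security_ops_model {
    const char *name;
    void (*task_getsecid)(u32 task_id, u32 *secid);
};

/* Constructed SELinux-like sid table (sid -> security context string). */
static const char *selinux_sid_table[] = {
    "system_u:system_r:kernel_t",   /* sid 0 */
    "system_u:system_r:auditd_t",   /* sid 1 */
    "user_u:user_r:user_t",         /* sid 2 */
};
#define SELINUX_NSIDS 3

/* Toy SELinux hook: task 1 is auditd, everything else is a user task. */
static void selinux_task_getsecid(u32 task_id, u32 *secid)
{
    *secid = (task_id == 1) ? 1 : 2;
}

/* Hypothetical other LSM that also honours the generic hook, but whose
 * secid is a module-private value (here a small flag word), not an
 * SELinux sid. It happens to collide with a valid SELinux sid. */
static void otherlsm_task_getsecid(u32 task_id, u32 *secid)
{
    (void)task_id;
    *secid = 0x1;
}

/* Model of the SELinux-specific translation. Returns 0 and sets *ctx on
 * success, -1 when the sid is outside the table. */
int selinux_sid_to_context_model(u32 sid, const char **ctx)
{
    if (sid >= SELINUX_NSIDS) {
        *ctx = NULL;
        return -1;
    }
    *ctx = selinux_sid_table[sid];
    return 0;
}

static struct security_ops_model selinux_ops = { "selinux", selinux_task_getsecid };
static struct security_ops_model other_ops   = { "otherlsm", otherlsm_task_getsecid };
static struct security_ops_model *security_ops = &selinux_ops;

/* Switch the "loaded" module: 0 selects the SELinux mock, 1 the other LSM. */
void select_lsm(int use_other)
{
    security_ops = use_other ? &other_ops : &selinux_ops;
}

/* Generic hook wrapper, as the audit path would call it. */
void security_task_getsecid_model(u32 task_id, u32 *secid)
{
    security_ops->task_getsecid(task_id, secid);
}

/* Audit-path consumer: returns the context string that would be logged.
 * With gate_on_selinux set, the SELinux lookup is only attempted when the
 * SELinux module is the one that produced the secid. */
const char *audit_label_for_task(u32 task_id, int gate_on_selinux)
{
    struct netlink_skb_parms_model parms = { .pid = task_id, .sid = 0 };
    const char *ctx;

    security_task_getsecid_model(task_id, &parms.sid);
    if (gate_on_selinux && strcmp(security_ops->name, "selinux") != 0)
        return "(no selinux label)";
    if (selinux_sid_to_context_model(parms.sid, &ctx) != 0)
        return "(unknown)";
    return ctx;
}
```

With the SELinux mock loaded, task 7 is labelled `user_u:user_r:user_t`. With the other module loaded and no gating, the same task is logged as `system_u:system_r:auditd_t`, a wrong label produced without any error; gating on the module (or not exposing the secid through a generic hook at all, as suggested above) turns that into an explicit "(no selinux label)".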
