proc_loginuid_write() checks wrong capability?

Casey Schaufler casey at schaufler-ca.com
Tue Feb 6 21:47:24 UTC 2007


--- Steve Beattie <sbeattie at suse.de> wrote:


> Ah, thanks Stephen and Casey, for explaining the reasoning. It does have
> the unfortunate side effect of causing CAP_AUDIT_CONTROL to be needed
> more widely than one might expect.

The appropriate granularity of capabilities
has always been and will always be a
contentious issue, with the fashion shifting
whimsically. Writing audit records is pretty
clearly a different beast than setting audit
attributes, but since there is significant
overlap between the programs that set audit
state and those that write audit records you
could make a case for either making a separate
capability for setting the loginid or for
having a single CAP_AUDIT. Heck, at one time
or another I've argued each way. I expect that
the current granularity is sufficiently
obvious and useful to leave alone, at least
for the time being.


Casey Schaufler
casey at schaufler-ca.com
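As an added example (not part of this message or the linux-audit project): a small C program that checks the effective capability set in /proc/self/status for CAP_AUDIT_CONTROL, the capability the thread says the loginuid write requires, and then attempts the write to /proc/self/loginuid, reporting the errno rather than a bare failure. The bit number 30 for CAP_AUDIT_CONTROL is taken from linux/capability.h; the status-line parser and the function names are my own, and the status snippets used to exercise the parser are constructed.

```c
/* Added example: check for CAP_AUDIT_CONTROL before writing loginuid.
 * Not code from the thread; parser and function names are my own. */
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

/* Bit number of CAP_AUDIT_CONTROL as defined in linux/capability.h. */
#define CAP_AUDIT_CONTROL_BIT 30

/* Find the "CapEff:" line in a /proc/<pid>/status buffer and return the
 * hex mask. Sets *found to 0 and returns 0 when no such line is present. */
uint64_t parse_cap_eff(const char *status, int *found)
{
    const char *p = status;
    *found = 0;
    while (p && *p) {
        if (strncmp(p, "CapEff:", 7) == 0) {
            p += 7;
            while (*p == ' ' || *p == '\t')
                p++;
            *found = 1;
            return (uint64_t)strtoull(p, NULL, 16);
        }
        p = strchr(p, '\n');
        if (p)
            p++;
    }
    return 0;
}

/* 1 if the capability bit is set in the mask, else 0. */
int mask_has_cap(uint64_t mask, int bit)
{
    return (int)((mask >> bit) & 1ULL);
}

/* 1/0 for whether a status buffer grants CAP_AUDIT_CONTROL, -1 if the
 * buffer has no CapEff line at all. */
int status_grants_audit_control(const char *status)
{
    int found;
    uint64_t mask = parse_cap_eff(status, &found);
    if (!found)
        return -1;
    return mask_has_cap(mask, CAP_AUDIT_CONTROL_BIT);
}

/* Same check against the live /proc/self/status; -1 if it cannot be read. */
int self_has_audit_control(void)
{
    char buf[4096];
    FILE *f = fopen("/proc/self/status", "r");
    if (!f)
        return -1;
    size_t n = fread(buf, 1, sizeof buf - 1, f);
    fclose(f);
    buf[n] = '\0';
    return status_grants_audit_control(buf);
}

/* Attempt the write; return 0 on success or the errno. The kernel reports
 * a refused write at write()/close() time, so both are checked. */
int set_self_loginuid(unsigned int uid)
{
    FILE *f = fopen("/proc/self/loginuid", "w");
    if (!f)
        return errno;
    int rc = fprintf(f, "%u", uid) < 0 ? errno : 0;
    if (fclose(f) != 0 && rc == 0)
        rc = errno;
    return rc;
}

int main(void)
{
    int has = self_has_audit_control();
    printf("CAP_AUDIT_CONTROL effective: %s\n",
           has < 0 ? "unknown" : has ? "yes" : "no");
    int rc = set_self_loginuid((unsigned int)getuid());
    if (rc == 0)
        printf("loginuid set\n");
    else
        printf("loginuid write failed: %s%s\n", strerror(rc),
               (rc == EPERM && has == 0)
                   ? " (expected without CAP_AUDIT_CONTROL)" : "");
    return 0;
}
```

Run it unprivileged and then under a wrapper that grants only CAP_AUDIT_CONTROL to see the difference. A refused write can have causes other than the missing capability, which is why the program reports the actual errno instead of assuming EPERM means "no capability".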
