getuid() vs. geteuid() in auditctl
Peter Moody
pmoody at google.com
Wed Mar 21 21:34:38 UTC 2012
On Wed, Mar 21, 2012 at 1:12 PM, Steve Grubb <sgrubb at redhat.com> wrote:
> On Wednesday, March 21, 2012 12:38:06 PM Peter Moody wrote:
>> On Tue, Mar 20, 2012 at 11:07 AM, Steve Grubb <sgrubb at redhat.com> wrote:
>> > On Friday, March 16, 2012 05:50:56 PM Peter Moody wrote:
>> >> line 1162 in auditctl.c has this:
>> >>
>> >> #ifndef DEBUG
>> >> /* Make sure we are root */
>> >> if (getuid() != 0) {
>> >> fprintf(stderr, "You must be root to run this program.\n");
>> >> return 4;
>> >> }
>> >> #endif
>> >>
>> >> Is there any particular reason to use getuid() there as opposed to
>> >> geteuid()?
>> >
>> > I suppose it doesn't matter. I never envisioned having a helper
>> > application, so that why its the way it is. Since we are optionally
>> > linking in libcap-ng, I suppose we could even check the capability
>> > rather than the euid.
>>
>> Just the CAP_AUDIT_CONTROL capability?
>
> On the -m command, it instead needs CAP_AUDIT_WRITE.
Actually, is there any reason that check can't just be removed to
allow the kernel to reply with an error if an unprivileged/uncapable
user tries executing auditctl? requiring CAP_AUDIT_WRITE seems strange
if the user is just executing auditctl -h or auditctl -v (though those
are the only two commands I can see that a normal user should be able
to execute).
>> > Also note that
>> > for certification purposes the file permissions are restricted.
>>
>> The permissions of the auditctl binary?
>
> Yes. We ship it 0750.
>
> -Steve
--
Peter Moody Google 1.650.253.7306
Security Engineer pgp:0xC3410038
More information about the Linux-audit
mailing list