Re: Proposal "LUID"

From: Jesse Pollard (pollard@cats-chateau.net)
Date: Fri Apr 14 2000 - 19:56:11 EST


On Fri, 14 Apr 2000, Linda Walsh wrote:
>How do people feel about the following proposal:
>
>Adding support for login user id (auditable user id).
>
>1) adding a variable "luid" to the uid_t line in the task struct
>2) adding two system calls - 1 to 'set' and one to 'get' the value.
>3) adding CAP_SET_LUID that allows setting the luid.
>---
>
>Set points would be at 'login', cron/at (running as a user), r(sh,cp,login), and
>s(sh,..?). Implementation at user level would probably be in a pam library. This
>wouldn't change over exec's/forks nor would it change with 'su' nor with SUID
>programs.
>
>This id would be used to track a user from the point of access to the system to
>their ending contact which is required for C2 (now CAPP) auditing.
>
>Is this level of change appropriate for a 'stable' kernel or would it be only
>in a development kernel. It *seems* to be 'low risk' but could impact programs
>that depend on the internal structure of the kernel's task struct. (Are their
>such (she asks naively)? It's just such a tiny bit of code....:-)
>
>Soooo...ok, um, now tear me to shreds, er, I mean comments?

I would rather have the session id logged - it already exists. This would
allow the same/equivalent audit trail, and could also be used for
accounting logs to generate session level accounting. I believe the
session id is already being generated at most(all?) places that the user
identification would have to be done. Only the log records on process
termination would be modified.

The audit records can be post-processed to provide a complete track of
activity, including any uid/gid changes.
-------------------------------------------------------------------------
Jesse I Pollard, II
Email: pollard@cats-chateau.net

Any opinions expressed are solely my own.
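An added illustration of the two mechanisms being compared above (example code, not part of the original thread or of either poster's work). It simulates the login -> shell -> command chain with fork() and setsid() and checks, through getsid(), that the session id set by the "login" process is inherited by its descendants; exec() and setuid() likewise leave it untouched, which is what makes it usable as an audit key without a new task-struct field. The second half post-processes a constructed set of per-process records, keyed on session id, to recover the uid changes within one session. The audit_rec layout and the sample records are assumptions made for the example.

```c
#include <stdio.h>
#include <unistd.h>
#include <sys/types.h>
#include <sys/wait.h>

/* Constructed audit record: the fields a process-termination or accounting
 * record would need for session-level tracking. Hypothetical layout. */
struct audit_rec {
    pid_t pid;
    pid_t sid;        /* session id: fixed by setsid() in the login process */
    uid_t uid;        /* uid at the time of the record; changes across su/SUID */
    const char *event;
};

/* Read one pid_t from a pipe; returns -1 on a short read. */
static pid_t read_pid(int fd)
{
    pid_t v;
    if (read(fd, &v, sizeof v) != (ssize_t)sizeof v) return -1;
    return v;
}

/* Simulate login -> shell -> command: the child calls setsid() (as login/getty
 * does), then forks a grandchild standing in for an exec'd, possibly SUID,
 * command. Returns 1 if the grandchild reports the child's new session id and
 * that id differs from our own, 0 if not, -1 on a system error. */
int session_id_survives_fork(void)
{
    int fds[2];
    if (pipe(fds) == -1) return -1;
    pid_t our_sid = getsid(0);
    pid_t pid = fork();
    if (pid == -1) return -1;
    if (pid == 0) {
        close(fds[0]);
        pid_t new_sid = setsid();   /* child is not a group leader, so this succeeds */
        if (new_sid == -1) _exit(1);
        pid_t gc = fork();
        if (gc == -1) _exit(1);
        if (gc == 0) {
            /* grandchild: an exec() or setuid() here would not change getsid() */
            pid_t gsid = getsid(0);
            if (write(fds[1], &gsid, sizeof gsid) != (ssize_t)sizeof gsid) _exit(1);
            _exit(0);
        }
        waitpid(gc, NULL, 0);       /* grandchild's value is written first */
        if (write(fds[1], &new_sid, sizeof new_sid) != (ssize_t)sizeof new_sid) _exit(1);
        _exit(0);
    }
    close(fds[1]);
    pid_t grandchild_sid = read_pid(fds[0]);
    pid_t child_sid = read_pid(fds[0]);
    close(fds[0]);
    waitpid(pid, NULL, 0);
    if (grandchild_sid == -1 || child_sid == -1) return -1;
    return grandchild_sid == child_sid && child_sid != our_sid;
}

/* Post-processing step: collect the distinct uids seen in one session, i.e.
 * the uid changes (su, SUID programs) a per-session audit track must show.
 * Returns the number of distinct uids written to out (at most max). */
size_t uids_in_session(const struct audit_rec *recs, size_t n, pid_t sid,
                       uid_t *out, size_t max)
{
    size_t count = 0;
    for (size_t i = 0; i < n; i++) {
        if (recs[i].sid != sid) continue;
        size_t j;
        for (j = 0; j < count; j++)
            if (out[j] == recs[i].uid) break;
        if (j == count && count < max) out[count++] = recs[i].uid;
    }
    return count;
}

/* Constructed sample records for two logins; not real audit output. */
const struct audit_rec sample_recs[] = {
    { 1001, 1001, 500, "login" },
    { 1002, 1001, 500, "shell" },
    { 1003, 1001,   0, "su"    },   /* uid changed, session id did not */
    { 1004, 1001,   0, "exit"  },
    { 2002, 2002, 501, "login" },
    { 2003, 2002, 501, "exit"  },
};
const size_t sample_recs_len = sizeof sample_recs / sizeof sample_recs[0];

int main(void)
{
    printf("grandchild inherits login session id: %s\n",
           session_id_survives_fork() == 1 ? "yes" : "no");
    uid_t uids[8];
    size_t n = uids_in_session(sample_recs, sample_recs_len, 1001, uids, 8);
    printf("session 1001 ran as %zu distinct uid(s):", n);
    for (size_t i = 0; i < n; i++) printf(" %u", (unsigned)uids[i]);
    printf("\n");
    return 0;
}
```

One caveat the demo itself exposes: the "login" child obtains its fresh session id with an unprivileged setsid() call, and any later process that is not a process-group leader can do the same and start a session the audit trail would not link back to the login. That is the gap a dedicated, capability-guarded id of the kind proposed in the quoted message would close, at the cost of the kernel change the reply argues against.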




This archive was generated by hypermail 2b29 : Sat Apr 15 2000 - 21:00:25 EST