allbery@kf8nh.apk.net writes:
> [snip]
>> On Fri, Apr 14, 2000 at 02:43:16PM -0700, Linda Walsh wrote:
>>> Adding support for login user id (auditable user id).
>>>
>>> 1) adding a variable "luid" to the uid_t line in the task struct
>>> 2) adding two system calls - 1 to 'set' and one to 'get' the value.
>>> 3) adding CAP_SET_LUID that allows setting setting the luid.
>
> The security level formerly known as C2 requires the system to keep a
> "login UID"; this ID never changes, regardless of real or effective UID
> changes, and is used to record the actual user who performed some
> audited action. System daemons run with LUID 0, which is the only LUID
> permitted to change its LUID; if a process has a nonzero LUID, it can
> not change its LUID for any reason.
So you only need one system call for this. No CAP_* bit required.
int sysluid(int arg){
int old = current->luid;
if(old) return old;
current->luid = arg;
return arg;
}
If login fails to set LUID then, yes, normal users can mess with it.
This is OK because your system wasn't using it anyway.
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.rutgers.edu
Please read the FAQ at http://www.tux.org/lkml/
This archive was generated by hypermail 2b29 : Sat Apr 15 2000 - 21:00:25 EST