Re: Proposal "LUID"

From: Jesse Pollard (pollard@cats-chateau.net)
Date: Sun Apr 16 2000 - 16:26:59 EST


On Fri, 14 Apr 2000, Linda Walsh wrote:
>Jesse Pollard wrote:
>> I would rather have the session id logged - it already exists.
>---
> Where? I don't see it in the task struct.
> In my reading of the CAPP, it says it wants
>things tracked on a user-id basis for audit purposes. Session auditing is
>a tangential function that would not appear to satisfy the CAPP.

src/linux/include/linux/sched.h

As a strict reading, no it doesn't. The session id appears to be called
"session", line 265. I was just meaning that if it were logged, then the
original UID is identified, along with all uid changes.

>
>> This would
>> allow the same/equivalent audit trail, and could also be used for
>> accounting logs to generate session level accounting.
>---
> How is a session defined? Where is it setup and authenticated? CAPP
>requires a certain minimal authentication strength to be checked to initiate
>a user session and to begin auditing that user.

A session ID is generated at login time, and cannot be altered for the duration
of the session. A session is started by login/cron/telnetd/...

At the present time I don't know the exact mechanics of its creation, but
it is somewhere in the setsid call. The manpage doesn't currently indicate the
restrictions (not all, anyway) on creating a session, but it should be
restricted to just root privileges - or some capability entry.

> Besides, couldn't you do the same type of auditing with a LUID? For
>security purposes, it seems you could track user activity between a login/logout?

No - LUIDs repeat - two jobs may run, (two telnets, or telnet and cron, or...)
with the same LUID. These two jobs can only be uniquely identified by the
session ID, if they both run at the same time. This gives the auditor a way to
connect the events in a sequence that otherwise cannot be connected (at least
not easily). It prevents the sequence of process activations from becoming
confused.

> I don't want to make this more complex than it needs to be since security
>is inversely proportional to complexity.
>

I know - this is based on the way the UNICOS MLS audit entry tracks user
activity. The accounting is a secondary ability that just falls out from
the use of a sessionID.
-------------------------------------------------------------------------
Jesse I Pollard, II
Email: pollard@cats-chateau.net

Any opinions expressed are solely my own.
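As an added illustration of the point made in the message above (not code from the e-mail, the thread, or the kernel source it cites), the following user-space program shows how a Linux session ID behaves from the caller's side: a forked child that calls setsid() keeps the same real UID as its parent, which is what a LUID would record, but receives a new session ID equal to its own PID, which is what lets an auditor tell two jobs of the same user apart. It also shows the check that setsid(2) documents: a process that is already a process-group leader is refused with EPERM. It assumes the POSIX semantics of fork(2), setsid(2), setpgid(2) and getsid(2) as documented on Linux.

```c
/*
 * Added example, not part of the original e-mail or the kernel tree it
 * refers to. Demonstrates, from user space, that two processes running
 * under the same real UID end up with different session IDs once one of
 * them calls setsid(), and that setsid() refuses a process-group leader.
 */
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

struct proc_ids {
    pid_t pid;
    pid_t sid;   /* getsid(0): the session ID */
    uid_t uid;   /* getuid(): real UID, identical in parent and child */
};

/* Fork a child that starts a new session with setsid() and report the
 * IDs of both sides through a pipe. Returns 0 on success, -1 on failure. */
int demo_new_session(struct proc_ids *parent, struct proc_ids *child)
{
    int fd[2];
    if (pipe(fd) == -1)
        return -1;

    pid_t pid = fork();
    if (pid == -1)
        return -1;

    if (pid == 0) {
        /* Child: a freshly forked process is never a process-group
         * leader, so setsid() succeeds and returns the new session ID,
         * which is the child's own PID. */
        struct proc_ids me;
        me.pid = getpid();
        me.sid = setsid();
        me.uid = getuid();
        close(fd[0]);
        if (write(fd[1], &me, sizeof me) != (ssize_t)sizeof me)
            _exit(1);
        _exit(0);
    }

    close(fd[1]);
    ssize_t n = read(fd[0], child, sizeof *child);
    close(fd[0]);
    int status;
    if (waitpid(pid, &status, 0) == -1)
        return -1;
    if (n != (ssize_t)sizeof *child || !WIFEXITED(status) || WEXITSTATUS(status) != 0)
        return -1;

    parent->pid = getpid();
    parent->sid = getsid(0);
    parent->uid = getuid();
    return 0;
}

/* Fork a child that first makes itself a process-group leader with
 * setpgid(0, 0) and then calls setsid(). Returns the errno the child's
 * setsid() produced (0 if it unexpectedly succeeded), or -1 on failure.
 * setsid(2) documents that a process-group leader is refused with EPERM. */
int setsid_as_group_leader(void)
{
    pid_t pid = fork();
    if (pid == -1)
        return -1;
    if (pid == 0) {
        if (setpgid(0, 0) == -1)
            _exit(255);
        if (setsid() == -1)
            _exit(errno);
        _exit(0);
    }
    int status;
    if (waitpid(pid, &status, 0) == -1 || !WIFEXITED(status))
        return -1;
    int code = WEXITSTATUS(status);
    return code == 255 ? -1 : code;
}

int main(void)
{
    struct proc_ids parent, child;
    if (demo_new_session(&parent, &child) != 0) {
        perror("demo_new_session");
        return 1;
    }
    printf("parent pid=%d sid=%d uid=%d\n", (int)parent.pid, (int)parent.sid, (int)parent.uid);
    printf("child  pid=%d sid=%d uid=%d\n", (int)child.pid, (int)child.sid, (int)child.uid);
    printf("same uid: %s, same session: %s\n",
           parent.uid == child.uid ? "yes" : "no",
           parent.sid == child.sid ? "yes" : "no");

    int err = setsid_as_group_leader();
    printf("setsid() by a process-group leader: %s\n",
           err == EPERM ? "EPERM (refused)" : err == 0 ? "succeeded" : strerror(err));
    return 0;
}
```

Run it as an ordinary user: no privilege is needed for either call, and the child's session ID is simply its PID. The session ID is inherited across fork() and survives setuid() changes, so everything the child goes on to spawn carries the same value, which is the property the message relies on for connecting a chain of audit events to one login.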

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.rutgers.edu
Please read the FAQ at http://www.tux.org/lkml/



This archive was generated by hypermail 2b29 : Sun Apr 23 2000 - 21:00:09 EST