Re: [PATCH] Fix audit control message checks

From: Stephen Smalley
Date: Tue Jan 18 2005 - 08:39:04 EST


On Sat, 2005-01-15 at 15:07, Serge E. Hallyn wrote:
> The audit control messages are sent over netlink. Permission checks
> are done on the process receiving the message, which may not be the
> same as the process sending the message. This patch switches the
> netlink_send security hooks to calculate the effective capabilities
> based on the sender. Then audit_receive_msg performs capability checks
> based on that.
>
> It also introduces the CAP_AUDIT_WRITE and CAP_AUDIT_CONTROL capabilities,
> and replaces the previous CAP_SYS_ADMIN checks in audit code with the
> appropriate checks.
>
> Please apply.
>
> Changelog:
> 1/15/2005: Simplified dummy_netlink_send given that dummy now
> keeps track of capabilities.
> 1/14/2005: Many fixes based on feedback from linux-audit@xxxxxxxxxx
> list.
> 1/14/2005: Removed the netlink_msg_type helper function.
> 1/07/2005: Swith to using CAP_AUDIT_WRITE and CAP_AUDIT_CONTROL.
>
> thanks,
> -serge
>
> Signed-off-by: Serge Hallyn <serue@xxxxxxxxxx>

Signed-off-by: Stephen Smalley <sds@xxxxxxxxxxxxxx>

--
Stephen Smalley <sds@xxxxxxxxxxxxxx>
National Security Agency

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/