Re: [PATCH] (for 2.3.99pre6) audit_ids system calls

From: Steve Dodd (
Date: Wed May 03 2000 - 14:47:34 EST

On Tue, May 02, 2000 at 11:01:38AM -0700, Linda Walsh wrote:

[.. ugh, bad line wrapping, ugh <g>]

> One of the requirements for this level of 'trust' is that audit actions be
> able to be written corresponding to the appropriate 'authenticated' (as in
> they gave a "password" (literal password or other biometric)). Currently,
> none of the uid values can be guaranteed to remain constant for
> a login session. Thus the luid fix.

I'd rather see ruid "unbroken", but probably isn't possible to do this and
retain compatibility. Other than BSD style euid<->ruid swapping (which
could surely by fixed by a "local" kludge, rather a global one <g>), the
issue is su and friends. I've never been entirely happy with the Unix "become
someone else to do certain things" model; I'd much rather remain user "steved"
but "assert" or "raise" particular privileges when I was going to something
dangerous. Doesn't VMS have something like this? set proc/priv=xxx?

To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to
Please read the FAQ at

This archive was generated by hypermail 2b29 : Sun May 07 2000 - 21:00:13 EST