Re: [PATCH] Fix audit control message checks

[Stephen Smalley]

On Sat, 2005-01-15 at 15:07, Serge E. Hallyn wrote:
> The audit control messages are sent over netlink.  Permission checks
> are done on the process receiving the message, which may not be the
> same as the process sending the message.  This patch switches the
> netlink_send security hooks to calculate the effective capabilities
> based on the sender.  Then audit_receive_msg performs capability checks
> based on that.
> 
> It also introduces the CAP_AUDIT_WRITE and CAP_AUDIT_CONTROL capabilities,
> and replaces the previous CAP_SYS_ADMIN checks in audit code with the
> appropriate checks.
> 
> Please apply.
> 
> Changelog:
> 	1/15/2005: Simplified dummy_netlink_send given that dummy now
> 		keeps track of capabilities.
> 	1/14/2005: Many fixes based on feedback from linux-audit@xxxxxxxxxx
> 		list.
> 	1/14/2005: Removed the netlink_msg_type helper function.
> 	1/07/2005: Swith to using CAP_AUDIT_WRITE and CAP_AUDIT_CONTROL.
> 
> thanks,
> -serge
> 
> Signed-off-by: Serge Hallyn <serue@xxxxxxxxxx>

Signed-off-by:  Stephen Smalley <sds@xxxxxxxxxxxxxx>

-- 
Stephen Smalley <sds@xxxxxxxxxxxxxx>
National Security Agency

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/