On Wed, 2004-09-15 at 10:02, Stephen Smalley wrote:
> On Wed, 2004-09-15 at 09:59, Serge Hallyn wrote:
> case AUDIT_SET:
> - if (!capable(CAP_SYS_ADMIN))
> - return -EPERM;
> + err = security_audit_set(status_get->mask);
> + if (err)
> + return err;
> status_get = (struct audit_status *)data;
>
> Hook is called _before_ setting of status_get?
Good point, we should send the status_get to the hook for finer-grained
controls.
> And what checks that the
> data length is at least sizeof(struct audit_status)? Looks like the
> existing code is assuming that the caller didn't send a short message.
True.
>
> @@ -364,8 +365,9 @@ static int audit_receive_msg(struct sk_b
> audit_log_end(ab);
> break;
> case AUDIT_LOGIN:
> - if (!capable(CAP_SYS_ADMIN))
> - return -EPERM;
> + err = security_audit_login();
> + if (err)
> + return err;
> login = (struct audit_login *)data;
> ab = audit_log_start(NULL);
> if (ab) {
>
> Why not call the hook after extracting the data (and again, checking the
> length) and pass the audit_login info to the hook.
>
> I would also suggest a hook on AUDIT_USER.
Thanks, I will send a new patch with each of these incorporated.
-serge
--
=======================================================
Serge Hallyn
Security Software Engineer, IBM Linux Technology Center
serue@private
This archive was generated by hypermail 2.1.3 : Wed Sep 15 2004 - 08:34:56 PDT