RE: [PATCH] LSM hooks for audit

From: Chad Hanson (chanson@private)
Date: Thu Sep 16 2004 - 12:10:18 PDT

Previous message: Cyril Underwood: "Tired of being fat?"
Maybe in reply to: Serge Hallyn: "[PATCH] LSM hooks for audit"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

I would agree with Stephen with adding this restriction as well. If the
audit logs aren't trustworthy, the usefulness of them is minimized

-Chad

-----Original Message-----
From: Stephen Smalley [mailto:sds@private]
Sent: Wednesday, September 15, 2004 10:05 AM
To: Serge E. Hallyn
Cc: lsm; Crispin Cowan
Subject: Re: [PATCH] LSM hooks for audit

On Wed, 2004-09-15 at 10:32, Serge Hallyn wrote:
> The last one is the most dubious one in my mind, but we do want to
> prevent a user from sending fake login audit messages, either to mislead
> the auditor or to fill the log with garbage.

I agree that it should be controlled, and so should AUDIT_USER; you
don't want arbitrary processes being able to flood the logs.

-- 
Stephen Smalley <sds@private>
National Security Agency

Previous message: Cyril Underwood: "Tired of being fat?"
Maybe in reply to: Serge Hallyn: "[PATCH] LSM hooks for audit"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.3 : Thu Sep 16 2004 - 12:10:27 PDT