Audit control kernel patch

From: Serge Hallyn (serue@private)
Date: Thu Dec 02 2004 - 16:25:56 PST


Attached is a slight modification of a patch I sent out a while ago.  In
the current (at least up to 2.6.10-rc2-bk13) audit code, permissions for
things like creating an AUDIT_ADD message are checked at the netlink
message receive.  Stephen Smalley had pointed out that since netlink is
asynchronous, it is possible to end up checking the permissions of the
wrong process.

This patch moves the permission checks to the netlink send side.  The
netlink_get_msgtype function prototyped in include/linux/netlink.h can
be used during security_netlink_send by any security module to implement
different checks, which presumably should be enough to implement an
actual audit role.  The patch also adds some message length checks which
seemed lacking.  Please let me know if I'm wrong about those.

Serge Hallyn
Security Software Engineer, IBM Linux Technology Center
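
The problem described in the message above, as an added userspace model: it is not the attached patch and not kernel code. Every name in it (`struct task`, `current_task`, `send_side_check`, `MSG_ADD`, `MIN_ADD_LEN`) is hypothetical, and the pids and lengths are constructed values. It shows a queued request from an unprivileged sender being authorised against whichever task happens to be current when the queue is drained, and the same request refused when permission and length are checked on send.

```c
#include <stdbool.h>
#include <stddef.h>

/* Userspace model only; every name below is hypothetical, not a kernel API. */
#define MSG_ADD     1     /* constructed stand-in for an AUDIT_ADD request */
#define MIN_ADD_LEN 16u   /* constructed minimum payload length */
#define QLEN        4u

struct task  { int pid; bool may_control_audit; };
struct msg   { int type; size_t len; int sender_pid; };
struct queue { struct msg slot[QLEN]; size_t head, tail; };

static const struct task *current_task;   /* the task running right now */

static bool enqueue(struct queue *q, int type, size_t len) {
    if (q->tail - q->head == QLEN) return false;          /* queue full */
    q->slot[q->tail++ % QLEN] = (struct msg){ type, len, current_task->pid };
    return true;
}

/* Old placement: nothing is checked on send; permission is checked on
 * receive against whichever task is current when the queue is drained. */
static bool recv_side_check(struct queue *q) {
    if (q->head == q->tail) return false;                 /* nothing queued */
    q->head++;
    return current_task->may_control_audit;
}

/* New placement: permission and length are checked while the sender is
 * still the current task; a refused message never reaches the queue. */
static bool send_side_check(struct queue *q, int type, size_t len) {
    if (type == MSG_ADD && !current_task->may_control_audit) return false;
    if (type == MSG_ADD && len < MIN_ADD_LEN) return false;
    return enqueue(q, type, len);
}

/* Constructed scenario: task 100 lacks the permission, task 1 has it.
 * Task 100 sends, then task 1 is current when the message is handled.
 * Returns true if the unprivileged request ends up accepted. */
static bool unprivileged_add_accepted(bool check_on_send) {
    static const struct task unpriv = { 100, false }, priv = { 1, true };
    struct queue q = { .head = 0, .tail = 0 };

    current_task = &unpriv;
    bool queued = check_on_send ? send_side_check(&q, MSG_ADD, MIN_ADD_LEN)
                                : enqueue(&q, MSG_ADD, MIN_ADD_LEN);
    current_task = &priv;             /* context switch before processing */
    if (!queued) return false;
    if (check_on_send) { q.head++; return true; }   /* authorised on send */
    return recv_side_check(&q);
}
```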

