Hi, Attached is a slight modification of a patch I sent out a while ago. In the current (at least up to 2.6.10-rc2-bk13) audit code, permission for things like creating an AUDIT_ADD message are checked at the netlink message receive. Stephen Smalley had pointed out that since netlink is asynchronous, it is possible to end up checking the permissions of the wrong process. This patch moves the permission checks to the netlink send side. The netlink_get_msgtype function prototyped in include/linux/netlink.h can be used during security_netlink_send by any security module to implement different checks, which presumably should be enough to implement an actual audit role. The patch also adds some message length checks which seemed lacking. Please let me know if I'm wrong about those. thanks, -serge -- ======================================================= Serge Hallyn Security Software Engineer, IBM Linux Technology Center serue@private
This archive was generated by hypermail 2.1.3 : Thu Dec 02 2004 - 15:14:15 PST