From: Steve Beattie
To: Stephen Smalley
Cc: linux-audit@redhat.com
Subject: Re: proc_loginuid_write() checks wrong capability?
Date: Tue, 6 Feb 2007 11:53:32 -0800
Message-ID: <20070206195332.GD6698@suse.de>

On Tue, Feb 06, 2007 at 02:08:38PM -0500, Stephen Smalley wrote:
> Setting the loginuid of a process is a form of "control" over the audit
> system, as the loginuid is the basis for user accountability in the
> audit framework. It differs from merely generating a user audit
> message. There was some discussion of introducing a third audit
> capability, but no support for it.

Ah, thanks Stephen and Casey, for explaining the reasoning. It does have
the unfortunate side effect of causing CAP_AUDIT_CONTROL to be needed
more widely than one might expect.

-- 
Steve Beattie
SUSE Labs, Novell Inc.
http://NxNW.org/~steve/