    [PATCH] Fix audit control message checks · f2840fcc
    Serge Hallyn authored
    The audit control messages are sent over netlink.  Permission checks are
    done on the process receiving the message, which may not be the same as the
    process sending the message.  This patch switches the netlink_send security
    hooks to calculate the effective capabilities based on the sender.  Then
    audit_receive_msg performs capability checks based on that.
    
    It also introduces the CAP_AUDIT_WRITE and CAP_AUDIT_CONTROL capabilities,
    and replaces the previous CAP_SYS_ADMIN checks in audit code with the
    appropriate checks.
    
    - Simplified dummy_netlink_send given that dummy now keeps track of
      capabilities.
    
    - Many fixes based on feedback from <linux-audit@redhat.com> list.
    
    - Removed the netlink_msg_type helper function.
    
    - Switch to using CAP_AUDIT_WRITE and CAP_AUDIT_CONTROL.
    
    Signed-off-by: Serge Hallyn <serue@us.ibm.com>
    Signed-off-by: Stephen Smalley <sds@epoch.ncsc.mil>
    Signed-off-by: Chris Wright <chrisw@osdl.org>
    Signed-off-by: Andrew Morton <akpm@osdl.org>
    Signed-off-by: Linus Torvalds <torvalds@osdl.org>
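
The difference between the receiver-based and sender-based checks described in the commit message, as an added user-space model in C (not code from this patch or from the kernel tree). The names `struct task`, `struct msg`, `model_send`, `check_receiver` and `check_sender` are hypothetical, and the privileged receiver is an assumed scenario.

```c
#include <stdint.h>
#include <stdio.h>

/* Capability numbers as in <linux/capability.h>, message types as in <linux/audit.h>. */
#define CAP_AUDIT_WRITE   29
#define CAP_AUDIT_CONTROL 30
#define AUDIT_SET  1001
#define AUDIT_USER 1005
#define CAP_BIT(c) (1u << (c))

/* Hypothetical stand-ins for a process and a queued netlink message. */
struct task { uint32_t cap_effective; };
struct msg  { uint16_t type; uint32_t eff_cap; /* sender's caps, recorded at send time */ };

/* Send-side hook (model): stamp the sender's effective capabilities on the message. */
static struct msg model_send(const struct task *sender, uint16_t type)
{
    struct msg m = { type, sender->cap_effective };
    return m;
}

/* Capability each message type requires; 0 means the type is not recognised. */
static uint32_t required_cap(uint16_t type)
{
    switch (type) {
    case AUDIT_SET:  return CAP_BIT(CAP_AUDIT_CONTROL);
    case AUDIT_USER: return CAP_BIT(CAP_AUDIT_WRITE);
    default:         return 0;
    }
}

/* Flawed check: consults whichever process happens to run the receive path. */
static int check_receiver(const struct task *receiver, const struct msg *m)
{
    uint32_t need = required_cap(m->type);
    return need && (receiver->cap_effective & need) == need;
}

/* Corrected check: consults the capabilities recorded from the sender. */
static int check_sender(const struct msg *m)
{
    uint32_t need = required_cap(m->type);
    return need && (m->eff_cap & need) == need;
}

int main(void)
{
    /* Constructed scenario: unprivileged sender, privileged receiver. */
    struct task receiver = { CAP_BIT(CAP_AUDIT_CONTROL) | CAP_BIT(CAP_AUDIT_WRITE) };
    struct task sender   = { 0 };
    struct msg m = model_send(&sender, AUDIT_SET);
    printf("receiver-based: %d  sender-based: %d\n",
           check_receiver(&receiver, &m), check_sender(&m));
    return 0;
}
```
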
audit.c 22.8 KB