Re: [PATCH] LSM hooks for audit

On Wed, 2004-09-15 at 10:02, Stephen Smalley wrote:
> On Wed, 2004-09-15 at 09:59, Serge Hallyn wrote:
>       case AUDIT_SET:
> -             if (!capable(CAP_SYS_ADMIN))
> -                     return -EPERM;
> +             err = security_audit_set(status_get->mask);
> +             if (err)
> +                     return err;
>               status_get   = (struct audit_status *)data;
> 
> Hook is called _before_ setting of status_get?

Good point, we should send the status_get to the hook for finer-grained
controls.

>   And what checks that the
> data length is at least sizeof(struct audit_status)?  Looks like the
> existing code is assuming that the caller didn't send a short message.

True.

> 
> @@ -364,8 +365,9 @@ static int audit_receive_msg(struct sk_b
>               audit_log_end(ab);
>               break;
>       case AUDIT_LOGIN:
> -             if (!capable(CAP_SYS_ADMIN))
> -                     return -EPERM;
> +             err = security_audit_login();
> +             if (err)
> +                     return err;
>               login = (struct audit_login *)data;
>               ab = audit_log_start(NULL);
>               if (ab) {
> 
> Why not call the hook after extracting the data (and again, checking the
> length) and pass the audit_login info to the hook.
> 
> I would also suggest a hook on AUDIT_USER.

Thanks, I will send a new patch with each of these incorporated.

-serge
-- 
=======================================================
Serge Hallyn
Security Software Engineer, IBM Linux Technology Center
serue@xxxxxxxxxx