Browse Source

audit: allow unsetting the loginuid (with priv)

If a task has CAP_AUDIT_CONTROL allow that task to unset their loginuid.
This would allow a child of that task to set their loginuid without
CAP_AUDIT_CONTROL.  Thus when launching a new login daemon, a
priviledged helper would be able to unset the loginuid and then the
daemon, which may be malicious user facing, do not need priv to function
correctly.

Signed-off-by: Eric Paris <eparis@redhat.com>
Signed-off-by: Richard Guy Briggs <rgb@redhat.com>
Signed-off-by: Eric Paris <eparis@redhat.com>
master
Eric Paris 8 years ago
parent
commit
81407c84ac
  1. 14
      fs/proc/base.c
  2. 4
      kernel/auditsc.c

14
fs/proc/base.c

@ -1151,10 +1151,16 @@ static ssize_t proc_loginuid_write(struct file * file, const char __user * buf,
goto out_free_page;
}
kloginuid = make_kuid(file->f_cred->user_ns, loginuid);
if (!uid_valid(kloginuid)) {
length = -EINVAL;
goto out_free_page;
/* is userspace tring to explicitly UNSET the loginuid? */
if (loginuid == AUDIT_UID_UNSET) {
kloginuid = INVALID_UID;
} else {
kloginuid = make_kuid(file->f_cred->user_ns, loginuid);
if (!uid_valid(kloginuid)) {
length = -EINVAL;
goto out_free_page;
}
}
length = audit_set_loginuid(kloginuid);

4
kernel/auditsc.c

@ -2019,7 +2019,9 @@ int audit_set_loginuid(kuid_t loginuid)
if (rc)
goto out;
sessionid = atomic_inc_return(&session_id);
/* are we setting or clearing? */
if (uid_valid(loginuid))
sessionid = atomic_inc_return(&session_id);
task->sessionid = sessionid;
task->loginuid = loginuid;

Loading…
Cancel
Save