Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 81407c84 authored May 24, 2013 by Eric Paris

audit: allow unsetting the loginuid (with priv)



If a task has CAP_AUDIT_CONTROL allow that task to unset their loginuid.
This would allow a child of that task to set their loginuid without
CAP_AUDIT_CONTROL.  Thus when launching a new login daemon, a
priviledged helper would be able to unset the loginuid and then the
daemon, which may be malicious user facing, do not need priv to function
correctly.

Signed-off-by: Eric Paris <eparis@redhat.com>
Signed-off-by: Richard Guy Briggs <rgb@redhat.com>
Signed-off-by: Eric Paris <eparis@redhat.com>

parent 83fa6bbe

fs/proc/base.c

+10 −4

Original line number	Diff line number	Diff line
		@@ -1151,11 +1151,17 @@ static ssize_t proc_loginuid_write(struct file * file, const char __user * buf,
		goto out_free_page;

		}

		/* is userspace tring to explicitly UNSET the loginuid? */
		if (loginuid == AUDIT_UID_UNSET) {
		kloginuid = INVALID_UID;
		} else {
		kloginuid = make_kuid(file->f_cred->user_ns, loginuid);
		if (!uid_valid(kloginuid)) {
		length = -EINVAL;
		goto out_free_page;
		}
		}

		length = audit_set_loginuid(kloginuid);
		if (likely(length == 0))

kernel/auditsc.c

+3 −1

Original line number	Diff line number	Diff line
		@@ -2019,6 +2019,8 @@ int audit_set_loginuid(kuid_t loginuid)
		if (rc)
		goto out;

		/* are we setting or clearing? */
		if (uid_valid(loginuid))
		sessionid = atomic_inc_return(&session_id);

		task->sessionid = sessionid;