Skip to content

Commit

Permalink
---
Browse files Browse the repository at this point in the history
yaml
---
r: 286063
b: refs/heads/master
c: 633b454
h: refs/heads/master
i:
  286061: dc9fbb4
  286059: da631b3
  286055: 2a9df6a
  286047: e576952
v: v3
  • Loading branch information
Eric Paris authored and Al Viro committed Jan 17, 2012
1 parent ac23b1e commit 873641b
Show file tree
Hide file tree
Showing 4 changed files with 25 additions and 5 deletions.
2 changes: 1 addition & 1 deletion [refs]
Original file line number Diff line number Diff line change
@@ -1,2 +1,2 @@
---
refs/heads/master: 0a300be6d5be8f66cd96609334710c268d0bfdce
refs/heads/master: 633b45454503489209b0d9a45f9e3cd1b852c614
3 changes: 0 additions & 3 deletions trunk/fs/proc/base.c
Original file line number Diff line number Diff line change
Expand Up @@ -1197,9 +1197,6 @@ static ssize_t proc_loginuid_write(struct file * file, const char __user * buf,
ssize_t length;
uid_t loginuid;

if (!capable(CAP_AUDIT_CONTROL))
return -EPERM;

rcu_read_lock();
if (current != pid_task(proc_pid(inode), PIDTYPE_PID)) {
rcu_read_unlock();
Expand Down
14 changes: 14 additions & 0 deletions trunk/init/Kconfig
Original file line number Diff line number Diff line change
Expand Up @@ -372,6 +372,20 @@ config AUDIT_TREE
depends on AUDITSYSCALL
select FSNOTIFY

config AUDIT_LOGINUID_IMMUTABLE
bool "Make audit loginuid immutable"
depends on AUDIT
help
The config option toggles if a task setting it's loginuid requires
CAP_SYS_AUDITCONTROL or if that task should require no special permissions
but should instead only allow setting its loginuid if it was never
previously set. On systems which use systemd or a similar central
process to restart login services this should be set to true. On older
systems in which an admin would typically have to directly stop and
start processes this should be set to false. Setting this to true allows
one to drop potentially dangerous capabilites from the login tasks,
but may not be backwards compatible with older init systems.

source "kernel/irq/Kconfig"

menu "RCU Subsystem"
Expand Down
11 changes: 10 additions & 1 deletion trunk/kernel/auditsc.c
Original file line number Diff line number Diff line change
Expand Up @@ -2173,9 +2173,18 @@ static atomic_t session_id = ATOMIC_INIT(0);
int audit_set_loginuid(uid_t loginuid)
{
struct task_struct *task = current;
unsigned int sessionid = atomic_inc_return(&session_id);
struct audit_context *context = task->audit_context;
unsigned int sessionid;

#ifdef CONFIG_AUDIT_LOGINUID_IMMUTABLE
if (task->loginuid != -1)
return -EPERM;
#else /* CONFIG_AUDIT_LOGINUID_IMMUTABLE */
if (!capable(CAP_AUDIT_CONTROL))
return -EPERM;
#endif /* CONFIG_AUDIT_LOGINUID_IMMUTABLE */

sessionid = atomic_inc_return(&session_id);
if (context && context->in_syscall) {
struct audit_buffer *ab;

Expand Down

0 comments on commit 873641b

Please sign in to comment.