audit: allow unsetting the loginuid (with priv)
If a task has CAP_AUDIT_CONTROL allow that task to unset their loginuid. This would allow a child of that task to set their loginuid without CAP_AUDIT_CONTROL. Thus when launching a new login daemon, a priviledged helper would be able to unset the loginuid and then the daemon, which may be malicious user facing, do not need priv to function correctly. Signed-off-by: Eric Paris <eparis@redhat.com> Signed-off-by: Richard Guy Briggs <rgb@redhat.com> Signed-off-by: Eric Paris <eparis@redhat.com>
This commit is contained in:
Eric Paris
parent
83fa6bbe4c
commit
81407c84ac
|
|
@ -1151,10 +1151,16 @@ static ssize_t proc_loginuid_write(struct file * file, const char __user * buf,
|
|||
goto out_free_page;
|
||||
|
||||
}
|
||||
kloginuid = make_kuid(file->f_cred->user_ns, loginuid);
|
||||
if (!uid_valid(kloginuid)) {
|
||||
length = -EINVAL;
|
||||
goto out_free_page;
|
||||
|
||||
/* is userspace tring to explicitly UNSET the loginuid? */
|
||||
if (loginuid == AUDIT_UID_UNSET) {
|
||||
kloginuid = INVALID_UID;
|
||||
} else {
|
||||
kloginuid = make_kuid(file->f_cred->user_ns, loginuid);
|
||||
if (!uid_valid(kloginuid)) {
|
||||
length = -EINVAL;
|
||||
goto out_free_page;
|
||||
}
|
||||
}
|
||||
|
||||
length = audit_set_loginuid(kloginuid);
|
||||
|
|
|
|||
|
|
@ -2019,7 +2019,9 @@ int audit_set_loginuid(kuid_t loginuid)
|
|||
if (rc)
|
||||
goto out;
|
||||
|
||||
sessionid = atomic_inc_return(&session_id);
|
||||
/* are we setting or clearing? */
|
||||
if (uid_valid(loginuid))
|
||||
sessionid = atomic_inc_return(&session_id);
|
||||
|
||||
task->sessionid = sessionid;
|
||||
task->loginuid = loginuid;
|
||||
|
|
|
|||
Loading…
Reference in New Issue