On Mon, Apr 17, 2000 at 05:07:19PM -0700, Linda Walsh wrote:
> Jan Harkes wrote:
> > static int global_audit_counter = 1;
> >
> > int sys_newauditid(void)
> > {
> >         lock_kernel();
> >
> >         if (current->auditid && !capable(CAP_NEW_AUDIT_ID)) {
> >                 unlock_kernel();        /* don't return with the BKL held */
> >                 return -EPERM;
> >         }
> >
> >         current->auditid = global_audit_counter++;
> >
> >         unlock_kernel();
> >
> >         return 0;
> > }
> ---
> How about to the first -- define UID=-1 as an invalid UID.
> Then in set_luid, if you pass it -1, it returns the audit_counter and
> sets luid to that value, else for all other integers set_luid to that value.
> Then we both get exactly the behaviors we want.
That wouldn't be very useful; I think we both need very well defined
semantics, otherwise someone installing Coda on a system with auditing
would unintentionally mess up both Coda's user-session mapping and the
auditing process at the same time.
> I'm just not wanting to
> write post-processing to have to map all the session numbers to the UID to
> fulfill the need for per-authenticated user accountability.
Assume the audit log looks like:
"sessionid syscall syscall_arguments"
#!/usr/bin/python
import fileinput, string
sessions = {}
for line in fileinput.input():
    parts = string.split(line)
    sessionid = parts[0]
    if parts[1] == "setuid" and not sessions.has_key(sessionid):
        sessions[sessionid] = parts[2]
    if sessions.has_key(sessionid):
        luid = sessions[sessionid]
    else:
        luid = "Warning unauthenticated session #%s" % sessionid
    print "%s %s" % (luid, string.join(parts[1:]))
Jan
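Added illustration, not code from either mail in this thread: it models the two uses of one per-task luid field that the reply objects to (a fresh counter value on set_luid(-1), an explicit UID otherwise) and runs the post-processing rule above over constructed log lines, to show the ambiguity the reply is worried about. The class, function names and sample values are assumptions made for the illustration.

```python
INVALID_UID = -1


class LuidField:
    """Model of the proposed set_luid(-1) semantics (illustration, not kernel code)."""

    def __init__(self):
        self.counter = 1  # mirrors 'global_audit_counter = 1' in the quoted code

    def set_luid(self, requested):
        """-1 allocates a fresh session number; any other value is stored as given."""
        if requested == INVALID_UID:
            value, self.counter = self.counter, self.counter + 1
            return value
        return requested


def attribute(log_lines):
    """Map 'sessionid syscall args' lines to (luid-or-warning, rest-of-line).

    A session is attributed to the uid of its *first* setuid; later setuid calls
    stay attributed to that login uid, and a session that never called setuid is
    flagged rather than silently dropped."""
    sessions = {}
    result = []
    for line in log_lines:
        parts = line.split()
        sid = parts[0]
        if parts[1] == "setuid" and sid not in sessions:
            sessions[sid] = parts[2]
        luid = sessions.get(sid, "Warning unauthenticated session #%s" % sid)
        result.append((luid, " ".join(parts[1:])))
    return result


def shared_field_collision():
    """Two tasks, two meanings, one field.

    Task A (Coda-style) asks for a fresh session number and gets 1 from the
    counter; task B (audit-style) stores an explicit uid, and uid 1 exists on
    most systems.  Both now log under the same id, so the post-processor
    attributes A's activity to B's login uid.  Log lines are constructed."""
    field = LuidField()
    coda_session = field.set_luid(INVALID_UID)   # 1, allocated by the counter
    audit_session = field.set_luid(1)            # 1, an explicit uid
    log = ["%d setuid 1" % audit_session,
           "%d open /tmp/scratch" % coda_session]
    return coda_session == audit_session, attribute(log)
```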
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.rutgers.edu
Please read the FAQ at http://www.tux.org/lkml/
This archive was generated by hypermail 2b29 : Sun Apr 23 2000 - 21:00:14 EST