Re: Proposal "LUID": CAPP requirements

From: Jan Harkes (jaharkes@cs.cmu.edu)
Date: Tue Apr 18 2000 - 14:50:14 EST


On Mon, Apr 17, 2000 at 05:07:19PM -0700, Linda Walsh wrote:
> Jan Harkes wrote:
> > static int global_audit_counter = 1;
> >
> > int sys_newauditid(void)
> > {
> >         int ret = 0;
> >
> >         lock_kernel();
> >
> >         /* once assigned, the audit id may only be replaced with the capability */
> >         if (current->auditid && !capable(CAP_NEW_AUDIT_ID))
> >                 ret = -EPERM;
> >         else
> >                 current->auditid = global_audit_counter++;
> >
> >         unlock_kernel();        /* released on both paths, not only on success */
> >
> >         return ret;
> > }
> ---
> How about to the first -- define UID=-1 as an invalid UID.
> Then in set_luid, if you pass it -1, it returns the audit_counter and
> sets luid to that value, else for all other integers set_luid to that value.
> Then we both get exactly the behaviors we want.

That wouldn't be very useful; I think we both need very well defined
semantics, otherwise someone installing Coda on a system with auditing
would unintentionally mess up both Coda's user-session mapping and the
auditing process at the same time.

> I'm just not wanting to
> write post-processing to have to map all the session numbers to the UID to
> fulfill the need for per-authenticated user accountability.

Assume the audit log looks like:

    "sessionid syscall syscall_arguments"

#!/usr/bin/env python3
# Map each audit session to the UID of its first setuid() call, then
# rewrite every log line with that UID (the LUID) in place of the session id.
import fileinput

sessions = {}
for line in fileinput.input():
    parts = line.split()
    if len(parts) < 2:
        continue            # skip blank or malformed lines
    sessionid = parts[0]
    # the first setuid in a session records which user authenticated it
    if parts[1] == "setuid" and len(parts) > 2 and sessionid not in sessions:
        sessions[sessionid] = parts[2]
    if sessionid in sessions:
        luid = sessions[sessionid]
    else:
        luid = "Warning unauthenticated session #%s" % sessionid
    print("%s %s" % (luid, " ".join(parts[1:])))

Jan
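As an added illustration of the audit-id semantics in the quoted sys_newauditid() (not code from the thread or from any kernel tree), the following userspace model walks through a login sequence: the login daemon stamps the session, the shell it forks inherits the id, and an unprivileged attempt to pick a new id fails with -EPERM while the old id survives. The struct task, the cap_new_audit_id flag, model_fork() and login_scenario() are constructed stand-ins; lock_kernel() is omitted because the model is single-threaded.

```c
/* Userspace model of the quoted sys_newauditid() policy: added example,
 * not kernel code. Names below (struct task, cap_new_audit_id, model_*)
 * are constructed stand-ins for current, capable(CAP_NEW_AUDIT_ID), etc. */
#include <errno.h>
#include <stdbool.h>
#include <stdio.h>

struct task {
    unsigned int auditid;        /* 0 means "no audit id assigned yet" */
    bool cap_new_audit_id;       /* stands in for capable(CAP_NEW_AUDIT_ID) */
};

static unsigned int global_audit_counter = 1;

/* Assign a fresh audit id. A task that already has one may only replace it
 * when it holds the capability; otherwise the call fails and the id is kept. */
int model_newauditid(struct task *t)
{
    if (t->auditid && !t->cap_new_audit_id)
        return -EPERM;
    t->auditid = global_audit_counter++;
    return 0;
}

/* fork(): the child inherits the parent's audit id, which is what ties every
 * process of a login session back to the session that authenticated it. */
struct task model_fork(const struct task *parent)
{
    return *parent;
}

/* Walk one login sequence. Returns the audit id the unprivileged shell ended
 * up with, or 0 if any step deviated from the intended policy. */
unsigned int login_scenario(void)
{
    struct task login = { .auditid = 0, .cap_new_audit_id = true };

    if (model_newauditid(&login) != 0)   /* login daemon stamps the session */
        return 0;
    unsigned int session = login.auditid;

    struct task shell = model_fork(&login);
    shell.cap_new_audit_id = false;      /* privileges dropped after auth */

    /* An unprivileged attempt to pick a new id must fail and keep the old one. */
    if (model_newauditid(&shell) != -EPERM || shell.auditid != session)
        return 0;

    /* A second privileged login gets a distinct, later id. */
    struct task login2 = { .auditid = 0, .cap_new_audit_id = true };
    if (model_newauditid(&login2) != 0 || login2.auditid <= session)
        return 0;

    return shell.auditid;
}

int main(void)
{
    unsigned int id = login_scenario();
    printf("shell audit id: %u (%s)\n", id, id ? "kept after privilege drop" : "FAIL");
    return id ? 0 : 1;
}
```

The point the model makes explicit is that the first call on a task with no id needs no capability, so an unprivileged process that was never stamped can still obtain an id; only replacing an existing id is gated.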

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.rutgers.edu
Please read the FAQ at http://www.tux.org/lkml/



This archive was generated by hypermail 2b29 : Sun Apr 23 2000 - 21:00:14 EST