Alan Curry wrote:
> Linda Walsh writes the following:
> > If we changed the login id to 'root', we'd tend to lose track of who the "real" user was who logged
> >in and "su"ed.
>
> Why do you think the `real uid' is called what it is?
---
It is fairly trivial to write a suid program that somehow gives one a shell as another user -- no
login or 'su' or password required. In fact I may *want* something like sendmail to run as my userid
when it runs my mail filter, but that doesn't mean it really is ME running the program -- it
was run by a daemon. Same thing with an "suid" program. It could change my real and effective to
something else. That doesn't mean I authenticated as that person.
>
> Because that IS the real user. If you used su, you REALLY ARE who you su'ed
> to. The previous uid is NOT REAL ANYMORE. If you want to believe otherwise,
> go ahead and bloat your own kernel, but please quit trying to push that crap
> into mine.
---
Your login is *your* identity on your system. Some signons like 'root' are not a person but
a 'role' or a way of obtaining privilege. That doesn't mean you are now the *person* named "root" -
there ain't such (disregarding anyone who is actually named 'root', but do we really think it is that
person who has logged on every time we see a 'root' login? Of course not.). CAPP requires
the audit-id to be tracked corresponding to who was "authenticated" at the point the system went from
being "closed" to "opening" an authenticated session. "O_AUDITING" calls for individual accountability
(i.e. TOE "users") whenever security-relevant actions occur. This component requires every auditable
event to be associated with an individual user." [not User ID]
-l
--
Linda Walsh @ SGI | Core Linux - Trust Technology
1200 Crittenden Lane MS:30-3-802 | Voice: (650) 933-5338
Mountain View, CA 94043 | Email: law@sgi.com
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.rutgers.edu
Please read the FAQ at http://www.tux.org/lkml/
This archive was generated by hypermail 2b29 : Sun May 07 2000 - 21:00:11 EST
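Added example, not code from the thread or from either poster: a small user-space model of the set-user-ID rules the argument above turns on, plus a separate write-once "audit id" of the kind Linda Walsh describes. The setuid(2) rule in the model is the Linux one (a process with euid 0 changes all three ids; anyone else may only set euid to its ruid or suid); the struct, the audit_id field, the model_* functions and the scenario_* functions are constructed for this example and are not a kernel API. The final loginuid read in main() assumes a kernel built with audit support; on other systems that file is simply absent.

```c
/* Model of real/effective/saved uid handling next to a write-once audit id.
 * Added example; not kernel code and not from the original thread. */
#include <stdio.h>
#include <errno.h>
#include <unistd.h>

#define NO_AUDIT_ID ((unsigned)-1)   /* never authenticated, e.g. a boot-time daemon */

struct task_creds {
    unsigned ruid, euid, suid;   /* real, effective, saved set-user-ID */
    unsigned audit_id;           /* who authenticated to open this session (model) */
};

/* Login (the getty/login or sshd path): the only place the audit id is
 * assigned. A second assignment is refused, so su or a setuid binary
 * cannot launder it away. */
int model_login(struct task_creds *c, unsigned uid)
{
    if (c->audit_id != NO_AUDIT_ID)
        return -EPERM;
    c->ruid = c->euid = c->suid = uid;
    c->audit_id = uid;
    return 0;
}

/* exec() of a set-user-ID executable: euid and suid become the file
 * owner; ruid is untouched. */
void model_exec_setuid(struct task_creds *c, unsigned file_owner)
{
    c->euid = c->suid = file_owner;
}

/* setuid(2) with Linux semantics, capabilities reduced to "euid == 0". */
int model_setuid(struct task_creds *c, unsigned uid)
{
    if (c->euid == 0) {                       /* privileged: all three ids change */
        c->ruid = c->euid = c->suid = uid;
        return 0;
    }
    if (uid == c->ruid || uid == c->suid) {   /* unprivileged: euid only */
        c->euid = uid;
        return 0;
    }
    return -EPERM;
}

/* A process that came up as root at boot and never went through login. */
static const struct task_creds fresh = { 0, 0, 0, NO_AUDIT_ID };

/* The su case: user 1000 logs in, runs setuid-root su, which calls
 * setuid(0). Afterwards ruid, euid and suid are all 0, so the "real" uid
 * no longer says who typed the password; only audit_id still does. */
struct task_creds scenario_su_to_root(void)
{
    struct task_creds c = fresh;
    model_login(&c, 1000);
    model_exec_setuid(&c, 0);     /* /bin/su: owned by root, mode u+s */
    model_setuid(&c, 0);          /* su switches to its target: all ids -> 0 */
    return c;
}

/* The sendmail case: a daemon started at boot (no login, so no audit id)
 * switches to uid 1000 to run that user's mail filter. ruid and euid now
 * equal 1000, yet nobody authenticated as 1000. */
struct task_creds scenario_daemon_as_user(void)
{
    struct task_creds c = fresh;
    model_setuid(&c, 1000);
    return c;
}

/* Without privilege the real uid is sticky: setuid() to a third uid fails. */
int scenario_unprivileged_switch(void)
{
    struct task_creds c = fresh;
    model_login(&c, 1000);
    return model_setuid(&c, 1001);
}

int main(void)
{
    struct task_creds su = scenario_su_to_root();
    struct task_creds d = scenario_daemon_as_user();
    printf("after su:     ruid=%u euid=%u audit_id=%u\n", su.ruid, su.euid, su.audit_id);
    printf("daemon:       ruid=%u euid=%u audit_id=%u (unset)\n", d.ruid, d.euid, d.audit_id);
    printf("this process: uid=%u euid=%u", (unsigned)getuid(), (unsigned)geteuid());
    /* The same idea exists on audit-enabled Linux kernels as loginuid
     * (assumed present here); 4294967295 means "unset". */
    FILE *f = fopen("/proc/self/loginuid", "r");
    if (f) {
        unsigned long lu;
        if (fscanf(f, "%lu", &lu) == 1)
            printf(" loginuid=%lu", lu);
        fclose(f);
    }
    putchar('\n');
    return 0;
}
```

Run it unprivileged and the first two lines come out of the model alone; the third line shows your own process, and on an audit-enabled kernel the loginuid value stays the uid you logged in as even after you su to root in that shell, which is the behaviour the model's audit_id field stands in for.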