Re: [PATCH 2/3] CRED: Split the task security data and move part of it into struct cred - Kernel



  1. Re: [PATCH 2/3] CRED: Split the task security data and move part of it into struct cred

    Stephen Smalley wrote:

    > Precisely when to use one identity vs. the other though isn't always
    > clear, and the potential for accidental divergence is also a concern.
    What should auditing use in audit_filter_rules() when dealing with
    AUDIT_SUBJ_* cases? Should the SUBJ cases use the subjective SID and the
    AUDIT_OBJ_* cases use the objective SID? On the other hand AUDIT_OBJ_* cases
    don't seem to have anything to do with tasks.

    David
    -
    To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
    the body of a message to majordomo@vger.kernel.org
    More majordomo info at http://vger.kernel.org/majordomo-info.html
    Please read the FAQ at http://www.tux.org/lkml/

  2. Re: [PATCH 2/3] CRED: Split the task security data and move part of it into struct cred

    On Wed, 2007-09-26 at 14:30 +0100, David Howells wrote:
    > Stephen Smalley wrote:
    >
    > > Precisely when to use one identity vs. the other though isn't always
    > > clear, and the potential for accidental divergence is also a concern.
    >
    > What should auditing use in audit_filter_rules() when dealing with
    > AUDIT_SUBJ_* cases? Should the SUBJ cases use the subjective SID and the
    > AUDIT_OBJ_* cases use the objective SID? On the other hand AUDIT_OBJ_* cases
    > don't seem to have anything to do with tasks.
    (cc'd linux-audit)

    As you say, I don't think AUDIT_OBJ_* has anything to do with tasks,
    just object labels (like inode labels).

    I think you likely want the actor SID / subject SID or whatever you want
    to call it for AUDIT_SUBJ_*.

    --
    Stephen Smalley
    National Security Agency


  3. Re: [PATCH 2/3] CRED: Split the task security data and move part of it into struct cred


    --- David Howells wrote:

    > Stephen Smalley wrote:
    >
    > > Precisely when to use one identity vs. the other though isn't always
    > > clear, and the potential for accidental divergence is also a concern.
    >
    > What should auditing use in audit_filter_rules() when dealing with
    > AUDIT_SUBJ_* cases? Should the SUBJ cases use the subjective SID and the
    > AUDIT_OBJ_* cases use the objective SID? On the other hand AUDIT_OBJ_* cases
    > don't seem to have anything to do with tasks.
    I believe that you'll need to audit both sets of credentials.
    I think that for audit filtering you will need to have the ability
    to filter on either. It's no different from the euid/ruid split.


    Casey Schaufler
    casey@schaufler-ca.com
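The two replies above make the same point from different angles: Stephen's that AUDIT_SUBJ_* should match the acting (subjective) SID while AUDIT_OBJ_* concerns object labels rather than tasks, and Casey's that a filter must be able to select on either credential set once they can diverge. The following C model, written for this thread and not taken from the kernel's audit_filter_rules() or the CRED patch, shows how a rule evaluator would keep those cases apart. The rule field names (F_SUBJ_SID, F_TASK_OBJ_SID, F_OBJ_SID), the struct layouts, and the SID values are all constructed for illustration.

```c
/*
 * Added model of audit-rule evaluation once a task carries two credential
 * sets: a subjective set it acts with and an objective set other tasks see
 * when acting on it.  Illustrative code written for this thread, not the
 * kernel's audit_filter_rules(); all names and values are made up.
 */
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

typedef uint32_t sid_t;                 /* security identifier (label handle) */

struct cred { uint32_t uid; sid_t sid; };

struct task {
    const char *comm;
    struct cred subjective;  /* what the task acts as (actor SID)          */
    struct cred objective;   /* what other tasks see when they act on it   */
};

struct object { const char *name; sid_t sid; };   /* e.g. an inode label */

/* Hypothetical rule fields mirroring the SUBJ/OBJ split discussed above. */
enum field {
    F_SUBJ_SID,       /* AUDIT_SUBJ_*-style: the acting task's label           */
    F_TASK_OBJ_SID,   /* the task's objective label, so either set is filterable */
    F_OBJ_SID,        /* AUDIT_OBJ_*-style: the accessed object's label        */
};

struct rule { enum field field; uint32_t value; };

/* A subject rule reads the task's subjective creds; a task-object rule reads
 * its objective creds; an object rule ignores the task entirely. */
static bool rule_matches(const struct rule *r, const struct task *t,
                         const struct object *o)
{
    switch (r->field) {
    case F_SUBJ_SID:     return t->subjective.sid == r->value;
    case F_TASK_OBJ_SID: return t->objective.sid == r->value;
    case F_OBJ_SID:      return o != NULL && o->sid == r->value;
    }
    return false;
}

/* Number of rules that match; a real filter would emit a record when > 0. */
static int audit_filter(const struct rule *rules, int n,
                        const struct task *t, const struct object *o)
{
    int hits = 0;
    for (int i = 0; i < n; i++)
        if (rule_matches(&rules[i], t, o))
            hits++;
    return hits;
}

/* Constructed scenario: the task's two identities have diverged, so a rule
 * written against one label says nothing about the other. */
static const struct task worker = {
    .comm = "worker", .subjective = { 0, 200 }, .objective = { 1000, 100 },
};
static const struct object secret = { "secret.txt", 300 };

/* Each helper returns the hit count for one rule against the scenario. */
static int hits_subj_200(void)      { struct rule r = { F_SUBJ_SID, 200 };     return audit_filter(&r, 1, &worker, &secret); }
static int hits_subj_100(void)      { struct rule r = { F_SUBJ_SID, 100 };     return audit_filter(&r, 1, &worker, &secret); }
static int hits_taskobj_100(void)   { struct rule r = { F_TASK_OBJ_SID, 100 }; return audit_filter(&r, 1, &worker, &secret); }
static int hits_obj_300(void)       { struct rule r = { F_OBJ_SID, 300 };      return audit_filter(&r, 1, &worker, &secret); }
static int hits_obj_no_object(void) { struct rule r = { F_OBJ_SID, 300 };      return audit_filter(&r, 1, &worker, NULL); }

int main(void)
{
    printf("%s acting as SID %u: SUBJ=200 -> %d, SUBJ=100 -> %d\n",
           worker.comm, worker.subjective.sid, hits_subj_200(), hits_subj_100());
    printf("%s seen as SID %u: TASK_OBJ=100 -> %d\n",
           worker.comm, worker.objective.sid, hits_taskobj_100());
    printf("object %s SID %u: OBJ=300 -> %d (no object: %d)\n",
           secret.name, secret.sid, hits_obj_300(), hits_obj_no_object());
    return 0;
}
```

The point of the divergent scenario is the one Stephen raises: a SUBJ rule for SID 100 does not fire even though the task is visible to others as SID 100, because the subject field deliberately reads only the subjective set. If an auditor needs to catch the task under its objective label, that has to be a separate, explicitly objective field, which is Casey's "filter on either".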
