On 10/31/2013 10:50 PM, Steve Grubb wrote: > On Thursday, October 31, 2013 04:52:22 PM Gao feng wrote: >> Signed-off-by: Gao feng <[email protected]> >> --- >> kernel/auditsc.c | 3 +++ >> 1 file changed, 3 insertions(+) >> >> diff --git a/kernel/auditsc.c b/kernel/auditsc.c >> index 065c7a1..92d0e92 100644 >> --- a/kernel/auditsc.c >> +++ b/kernel/auditsc.c >> @@ -1990,6 +1990,9 @@ static void audit_log_set_loginuid(kuid_t >> koldloginuid, kuid_t kloginuid, struct audit_buffer *ab; >> uid_t uid, ologinuid, nloginuid; >> >> + if (audit_enabled == AUDIT_OFF) >> + return; >> + >> uid = from_kuid(&init_user_ns, task_uid(current)); >> ologinuid = from_kuid(&init_user_ns, koldloginuid); >> nloginuid = from_kuid(&init_user_ns, kloginuid), > > Are you wanting to avoid the audit event or prevent the use of > loginuid/sessionid when audit is disabled? What if we shutdown auditd (which > could disable auditing), someone logs in, and we restart auditd? Wouldn't > their context not have the correct credentials? What about non audit users of > this information? >
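Review bot: The early return on `audit_enabled == AUDIT_OFF` at the top of audit_log_set_loginuid() is undocumented. The commit message carries only a Signed-off-by line and the check has no comment, so nothing on record says whether the intent is to skip only the log record or also the loginuid/sessionid update. Suggest adding a changelog body plus a one-line comment above the check stating that only the audit record is suppressed and that the loginuid is still set when auditing is off.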
audit_log_set_loginuid is just used to log the setting loginuid message. This patch will prevent this message from being generated when audit is disabled; we can still set/use loginuid.

Anything I missed?

Thanks
Gao
