audit: allow unsetting the loginuid (with priv)

If a task has CAP_AUDIT_CONTROL allow that task to unset their loginuid. This would allow a child of that task to set their loginuid without CAP_AUDIT_CONTROL. Thus when launching a new login daemon, a priviledged helper would be able to unset the loginuid and then the daemon, which may be malicious user facing, do not need priv to function correctly. Signed-off-by: Eric Paris <eparis@redhat.com> Signed-off-by: Richard Guy Briggs <rgb@redhat.com> Signed-off-by: Eric Paris <eparis@redhat.com>
author: Eric Paris <eparis@redhat.com> 2013-05-24 09:49:14 -0400
committer: Eric Paris <eparis@redhat.com> 2013-11-05 11:08:09 -0500
commit: 81407c84ace88368ff23abb81caaeacf050c8450 (patch)
tree: 16073582364ac97b798010640da348a68460b73d
parent: 83fa6bbe4c4541ae748b550b4ec391f8a0acfe94 (diff)
2 files changed, 13 insertions, 5 deletions
diff --git a/fs/proc/base.c b/fs/proc/base.c
index 1485e38daaa3..03c8d747be48 100644
--- a/fs/proc/base.c
+++ b/fs/proc/base.c
@@ -1151,10 +1151,16 @@ static ssize_t proc_loginuid_write(struct file * file, const char __user * buf,
                goto out_free_page;
        }
-        kloginuid = make_kuid(file->f_cred->user_ns, loginuid);
-        if (!uid_valid(kloginuid)) {
+        /* is userspace tring to explicitly UNSET the loginuid? */
-                length = -EINVAL;
+        if (loginuid == AUDIT_UID_UNSET) {
-                goto out_free_page;
+                kloginuid = INVALID_UID;
+        } else {
+                kloginuid = make_kuid(file->f_cred->user_ns, loginuid);
+                if (!uid_valid(kloginuid)) {
+                        length = -EINVAL;
+                        goto out_free_page;
+                }
        }
        length = audit_set_loginuid(kloginuid);
diff --git a/kernel/auditsc.c b/kernel/auditsc.c
index b55788bf1607..c75d7813aef2 100644
--- a/kernel/auditsc.c
+++ b/kernel/auditsc.c
@@ -2019,7 +2019,9 @@ int audit_set_loginuid(kuid_t loginuid)
        if (rc)
                goto out;
-        sessionid = atomic_inc_return(&session_id);
+        /* are we setting or clearing? */
+        if (uid_valid(loginuid))
+                sessionid = atomic_inc_return(&session_id);
        task->sessionid = sessionid;
        task->loginuid = loginuid;
author	Eric Paris <eparis@redhat.com>	2013-05-24 09:49:14 -0400
committer	Eric Paris <eparis@redhat.com>	2013-11-05 11:08:09 -0500
commit	81407c84ace88368ff23abb81caaeacf050c8450 (patch)
tree	16073582364ac97b798010640da348a68460b73d
parent	83fa6bbe4c4541ae748b550b4ec391f8a0acfe94 (diff)

diff --git a/fs/proc/base.c b/fs/proc/base.c index 1485e38daaa3..03c8d747be48 100644 --- a/fs/proc/base.c +++ b/fs/proc/base.c
@@ -1151,10 +1151,16 @@ static ssize_t proc_loginuid_write(struct file * file, const char __user * buf,
1151	goto out_free_page;	1151	goto out_free_page;
1152		1152
1153	}	1153	}
1154	kloginuid = make_kuid(file->f_cred->user_ns, loginuid);	1154
1155	if (!uid_valid(kloginuid)) {	1155	/* is userspace tring to explicitly UNSET the loginuid? */
1156	length = -EINVAL;	1156	if (loginuid == AUDIT_UID_UNSET) {
1157	goto out_free_page;	1157	kloginuid = INVALID_UID;
		1158	} else {
		1159	kloginuid = make_kuid(file->f_cred->user_ns, loginuid);
		1160	if (!uid_valid(kloginuid)) {
		1161	length = -EINVAL;
		1162	goto out_free_page;
		1163	}
1158	}	1164	}
1159		1165
1160	length = audit_set_loginuid(kloginuid);	1166	length = audit_set_loginuid(kloginuid);


diff --git a/kernel/auditsc.c b/kernel/auditsc.c index b55788bf1607..c75d7813aef2 100644 --- a/kernel/auditsc.c +++ b/kernel/auditsc.c
@@ -2019,7 +2019,9 @@ int audit_set_loginuid(kuid_t loginuid)
2019	if (rc)	2019	if (rc)
2020	goto out;	2020	goto out;
2021		2021
2022	sessionid = atomic_inc_return(&session_id);	2022	/* are we setting or clearing? */
		2023	if (uid_valid(loginuid))
		2024	sessionid = atomic_inc_return(&session_id);
2023		2025
2024	task->sessionid = sessionid;	2026	task->sessionid = sessionid;
2025	task->loginuid = loginuid;	2027	task->loginuid = loginuid;