audit: allow unsetting the loginuid (with priv)

If a task has CAP_AUDIT_CONTROL allow that task to unset their loginuid.
This would allow a child of that task to set their loginuid without
CAP_AUDIT_CONTROL.  Thus when launching a new login daemon, a
priviledged helper would be able to unset the loginuid and then the
daemon, which may be malicious user facing, do not need priv to function
correctly.

Signed-off-by: Eric Paris <eparis@redhat.com>
Signed-off-by: Richard Guy Briggs <rgb@redhat.com>
Signed-off-by: Eric Paris <eparis@redhat.com>

1 files changed, 10 insertions, 4 deletions

diff --git a/fs/proc/base.c b/fs/proc/base.c
index 1485e38daaa3..03c8d747be48 100644
--- a/fs/proc/base.c
+++ b/fs/proc/base.c
@@ -1151,10 +1151,16 @@ static ssize_t proc_loginuid_write(struct file * file, const char __user * buf,
                 goto out_free_page;
 
         }
-        kloginuid = make_kuid(file->f_cred->user_ns, loginuid);
-        if (!uid_valid(kloginuid)) {
-                length = -EINVAL;
-                goto out_free_page;
+
+        /* is userspace tring to explicitly UNSET the loginuid? */
+        if (loginuid == AUDIT_UID_UNSET) {
+                kloginuid = INVALID_UID;
+        } else {
+                kloginuid = make_kuid(file->f_cred->user_ns, loginuid);
+                if (!uid_valid(kloginuid)) {
+                        length = -EINVAL;
+                        goto out_free_page;
+                }
         }
 
         length = audit_set_loginuid(kloginuid);