diff options
author | Miloslav Trmac <mitr@redhat.com> | 2008-04-18 16:30:14 -0400 |
---|---|---|
committer | Al Viro <viro@zeniv.linux.org.uk> | 2008-04-28 06:28:24 -0400 |
commit | 41126226e186d92a45ed664e546abb5204588359 (patch) | |
tree | cd31de9587e81b01934fe95e574be109dd0129c7 /include/linux | |
parent | 7719e437fac119e57b17588bab3a8e39ff9d22eb (diff) |
[patch 1/2] audit: let userspace fully control TTY input auditing
Remove the code that automatically disables TTY input auditing in processes
that open TTYs when they have no other TTY open; this heuristic was
intended to automatically handle daemons, but it has false positives (e.g.
with sshd) that make it impossible to control TTY input auditing from a PAM
module. With this patch, TTY input auditing is controlled from user-space
only.
On the other hand, not even for daemons does it make sense to audit "input"
from PTY masters; this data was produced by a program writing to the PTY
slave, and does not represent data entered by the user.
Signed-off-by: Miloslav Trmac <mitr@redhat.com>
Cc: Al Viro <viro@zeniv.linux.org.uk>
Cc: David Woodhouse <dwmw2@infradead.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
Diffstat (limited to 'include/linux')
-rw-r--r-- | include/linux/tty.h | 5 |
1 files changed, 0 insertions, 5 deletions
diff --git a/include/linux/tty.h b/include/linux/tty.h index 430624504ca0..265831ccaa88 100644 --- a/include/linux/tty.h +++ b/include/linux/tty.h | |||
@@ -300,7 +300,6 @@ extern void tty_hangup(struct tty_struct * tty); | |||
300 | extern void tty_vhangup(struct tty_struct * tty); | 300 | extern void tty_vhangup(struct tty_struct * tty); |
301 | extern void tty_unhangup(struct file *filp); | 301 | extern void tty_unhangup(struct file *filp); |
302 | extern int tty_hung_up_p(struct file * filp); | 302 | extern int tty_hung_up_p(struct file * filp); |
303 | extern int is_tty(struct file *filp); | ||
304 | extern void do_SAK(struct tty_struct *tty); | 303 | extern void do_SAK(struct tty_struct *tty); |
305 | extern void __do_SAK(struct tty_struct *tty); | 304 | extern void __do_SAK(struct tty_struct *tty); |
306 | extern void disassociate_ctty(int priv); | 305 | extern void disassociate_ctty(int priv); |
@@ -352,7 +351,6 @@ extern void tty_audit_exit(void); | |||
352 | extern void tty_audit_fork(struct signal_struct *sig); | 351 | extern void tty_audit_fork(struct signal_struct *sig); |
353 | extern void tty_audit_push(struct tty_struct *tty); | 352 | extern void tty_audit_push(struct tty_struct *tty); |
354 | extern void tty_audit_push_task(struct task_struct *tsk, uid_t loginuid, u32 sessionid); | 353 | extern void tty_audit_push_task(struct task_struct *tsk, uid_t loginuid, u32 sessionid); |
355 | extern void tty_audit_opening(void); | ||
356 | #else | 354 | #else |
357 | static inline void tty_audit_add_data(struct tty_struct *tty, | 355 | static inline void tty_audit_add_data(struct tty_struct *tty, |
358 | unsigned char *data, size_t size) | 356 | unsigned char *data, size_t size) |
@@ -370,9 +368,6 @@ static inline void tty_audit_push(struct tty_struct *tty) | |||
370 | static inline void tty_audit_push_task(struct task_struct *tsk, uid_t loginuid, u32 sessionid) | 368 | static inline void tty_audit_push_task(struct task_struct *tsk, uid_t loginuid, u32 sessionid) |
371 | { | 369 | { |
372 | } | 370 | } |
373 | static inline void tty_audit_opening(void) | ||
374 | { | ||
375 | } | ||
376 | #endif | 371 | #endif |
377 | 372 | ||
378 | /* tty_ioctl.c */ | 373 | /* tty_ioctl.c */ |