GitHub-Mirror/Star64_linux
2
0
Fork 0
mirror of https://github.com/Fishwaldo/Star64_linux.git synced 2025-04-01 12:04:08 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions

audit: improve GID/EGID comparation logic

Browse source 
It is useful to extend GID/EGID comparation logic to be able to
match not only the exact EID/EGID values but the group/egroup also.

Signed-off-by: Matvejchikov Ilya <matvejchikov@gmail.com>
Signed-off-by: Eric Paris <eparis@redhat.com>
This commit is contained in:
Matvejchikov Ilya 2011-12-13 23:09:08 +03:00 committed by Eric Paris
parent 19f949f525
commit 37eebe39c9
1 changed files with 14 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

14
kernel/auditsc.c
View file

@ -633,9 +633,23 @@ static int audit_filter_rules(struct task_struct *tsk,
break; break;
case AUDIT_GID: case AUDIT_GID:
result = audit_gid_comparator(cred->gid, f->op, f->gid); result = audit_gid_comparator(cred->gid, f->op, f->gid);
if (f->op == Audit_equal) {
if (!result)
result = in_group_p(f->gid);
} else if (f->op == Audit_not_equal) {
if (result)
result = !in_group_p(f->gid);
}
break; break;
case AUDIT_EGID: case AUDIT_EGID:
result = audit_gid_comparator(cred->egid, f->op, f->gid); result = audit_gid_comparator(cred->egid, f->op, f->gid);
if (f->op == Audit_equal) {
if (!result)
result = in_egroup_p(f->gid);
} else if (f->op == Audit_not_equal) {
if (result)
result = !in_egroup_p(f->gid);
}
break; break;
case AUDIT_SGID: case AUDIT_SGID:
result = audit_gid_comparator(cred->sgid, f->op, f->gid); result = audit_gid_comparator(cred->sgid, f->op, f->gid);