From 37eebe39c9731a76535f08de455db97eb93894ae Mon Sep 17 00:00:00 2001 From: Matvejchikov Ilya Date: Tue, 13 Dec 2011 23:09:08 +0300 Subject: [PATCH] audit: improve GID/EGID comparation logic It is useful to extend GID/EGID comparation logic to be able to match not only the exact EID/EGID values but the group/egroup also. Signed-off-by: Matvejchikov Ilya Signed-off-by: Eric Paris --- kernel/auditsc.c | 14 ++++++++++++++ 1 file changed, 14 insertions(+) diff --git a/kernel/auditsc.c b/kernel/auditsc.c index a371f857a0a9..77c705c302f7 100644 --- a/kernel/auditsc.c +++ b/kernel/auditsc.c @@ -633,9 +633,23 @@ static int audit_filter_rules(struct task_struct *tsk, break; case AUDIT_GID: result = audit_gid_comparator(cred->gid, f->op, f->gid); + if (f->op == Audit_equal) { + if (!result) + result = in_group_p(f->gid); + } else if (f->op == Audit_not_equal) { + if (result) + result = !in_group_p(f->gid); + } break; case AUDIT_EGID: result = audit_gid_comparator(cred->egid, f->op, f->gid); + if (f->op == Audit_equal) { + if (!result) + result = in_egroup_p(f->gid); + } else if (f->op == Audit_not_equal) { + if (result) + result = !in_egroup_p(f->gid); + } break; case AUDIT_SGID: result = audit_gid_comparator(cred->sgid, f->op, f->gid); -- 2.20.1