More PATH fallout. Who decided this was a good idea?
Jesse Keating
jkeating at redhat.com
Sat Dec 6 16:56:31 UTC 2008
On Sat, 2008-12-06 at 07:45 -0500, Steve Grubb wrote:
>
> No, it has more to do with the fact that we have to audit all attempts to
> modify trusted databases - in this case, shadow. No one can use these tools
> since they do not have the permissions required to be successful. So, we
> remove the ability to use these tools so that we don't have to audit it.
>
> IOW, if we open the permissions, we need to make these become setuid root so
> that we send audit events saying they failed.
>
>
> > I'm just curious what added security you really get.
>
> It's not so much a security thing as much as it's a certification thing. An
> ordinary user cannot possibly use these tools since they do not have the
> requisite permissions.
>
Now I'm confused. Why would the binary have to be suid? Why can't the
binary detect that the calling user is not root, and just print out the
usage and a message saying that you have to be root? How would this
action make it any less auditable?
It seems that the cert folks have a different definition of "use" than
we do. A normal user should be able to use the binary to get help
output, and the binary would be useful in path for things like tab
completion leading up to a sudo call.
Still wondering what "value" this is adding.
--
Jesse Keating
Fedora -- Freedom² is a feature!
identi.ca: http://identi.ca/jkeating