More PATH fallout. Who decided this was a good idea?

Callum Lerwick seg at haxxed.com
Sat Dec 6 18:28:44 UTC 2008


On Sat, 2008-12-06 at 10:12 -0800, Jesse Keating wrote:
> On Sat, 2008-12-06 at 13:07 -0500, Steve Grubb wrote:
> > Nope, we took the perms away. Problem solved. :)
> > 
> 
> Er, you took the perms away from the one we ship, but not one that a
> user can gather from the network, or copy in from elsewhere.  Surely
> you'd want to audit any attempt at these things, not just from root
> level users?

Furthermore, we're supposedly gaining security by preventing
*unprivileged* user accounts from executing usermod, yet an ACTUAL
compromised scenario, like oh say breaking into root with a privilege
escalation vulnerability and modifying passwd and shadow directly with
kernel syscalls, goes unaudited?

Am I the only one who thinks this security model is mindbogglingly
broken and nothing more than security masturbation?

If you're not auditing at a lower level than executing /bin/usermod, you
are DOING IT WRONG period.
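
The difference between auditing execution of the shipped usermod and auditing the account files themselves, as an added example that is not part of the original post. The audit records are constructed and simplified, and the function names and the /usr/sbin/usermod install path are assumptions.

```python
import re
from collections import defaultdict

# Constructed, simplified Linux audit records (not from the original thread).
# 101: the shipped usermod; 102: a copy of it run from /tmp;
# 103: another program writing /etc/shadow directly; 104: unrelated file.
# Assumes a write/attribute watch on the account files (for example
# auditctl -w /etc/shadow -p wa), so each PATH record for them is a change.
SAMPLE_LOG = '''\
type=SYSCALL msg=audit(1228588124.101:101): success=yes uid=0 comm="usermod" exe="/usr/sbin/usermod"
type=PATH msg=audit(1228588124.101:101): item=0 name="/etc/passwd"
type=SYSCALL msg=audit(1228588130.202:102): success=yes uid=0 comm="um" exe="/tmp/um"
type=PATH msg=audit(1228588130.202:102): item=0 name="/etc/shadow"
type=SYSCALL msg=audit(1228588140.303:103): success=yes uid=0 comm="a.out" exe="/home/user/a.out"
type=PATH msg=audit(1228588140.303:103): item=0 name="/etc/shadow"
type=SYSCALL msg=audit(1228588150.404:104): success=yes uid=500 comm="vim" exe="/usr/bin/vim"
type=PATH msg=audit(1228588150.404:104): item=0 name="/home/user/notes.txt"
'''

EVENT_ID = re.compile(r'msg=audit\([\d.]+:(\d+)\)')
FIELD = re.compile(r'(\w+)=("[^"]*"|\S+)')
WATCHED = {"/etc/passwd", "/etc/shadow"}

def parse_events(log):
    """Group records by audit event id into {id: {"exe": ..., "paths": set}}."""
    events = defaultdict(lambda: {"exe": None, "paths": set()})
    for line in log.splitlines():
        m = EVENT_ID.search(line)
        if not m:
            continue
        fields = {k: v.strip('"') for k, v in FIELD.findall(line)}
        ev = events[int(m.group(1))]
        if fields.get("type") == "SYSCALL":
            ev["exe"] = fields.get("exe")
        elif fields.get("type") == "PATH":
            ev["paths"].add(fields.get("name"))
    return dict(events)

def exec_level_hits(events, binary="/usr/sbin/usermod"):
    """Events visible when only execution of the shipped binary is audited."""
    return sorted(i for i, e in events.items() if e["exe"] == binary)

def file_level_hits(events):
    """Events visible when the account files themselves are watched."""
    return sorted(i for i, e in events.items() if e["paths"] & WATCHED)
```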