More PATH fallout. Who decided this was a good idea?

Steve Grubb sgrubb at
Sun Dec 7 16:51:38 UTC 2008

On Sunday 07 December 2008 11:31:54 Enrico Scholz wrote:
> Both 'vipw' and 'ldapadd' are official and documented tools to manage
> user database.

vipw I believe is forbidden due to its ability to circumvent auditing of user-
subject binding. ldap is not part of the evaluation.

However, we could certainly extend the auditing to other programs if we wanted 
to. Nothing is preventing this except someone having the time to do it. If you 
wanted to add auditing, I'm all for it and don't mind helping where I can.

> > The utilities that would allow you to modify it cannot be accessed
> > unless you are root.
> Sounds like "when the algorithm is hidden, the crypto mechanism is
> secure"...

I wouldn't characterize it like that. It means that you have established 
proceedures that ensure the Security Objectives are met. As for crypto, the 
unprivileged user has access to passwd and that does crypto for them.


More information about the fedora-devel-list mailing list