More PATH fallout. Who decided this was a good idea?

Les Mikesell lesmikesell at gmail.com
Sun Dec 7 22:56:58 UTC 2008


Steve Grubb wrote:
> 
>>> The utilities that would allow you to modify it cannot be accessed
>>> unless you are root.
>> Sounds like "when the algorithm is hidden, the crypto mechanism is
>> secure"...
> 
> I wouldn't characterize it like that. It means that you have established 
> proceedures that ensure the Security Objectives are met.

What does that mean?  Why is it necessary to prevent anyone but root 
from running the utility when in fact your security objectives can only 
be met when the files the utility accesses can only be modified by root? 
Which program is used to modify the file is pretty much irrelevant.

It is hard to take these concepts seriously when they add unnecessary cruft.

-- 
   Les Mikesell
     lesmikesell at gmail.com




More information about the fedora-devel-list mailing list