More PATH fallout. Who decided this was a good idea?
Les Mikesell
lesmikesell at gmail.com
Mon Dec 8 17:31:49 UTC 2008
Suren Karapetyan wrote:
> Steve Grubb wrote:
>
>> IOW, if we open the permissions, we need to make these become setuid root so
>> that we send audit events saying they failed.
>>
> No you don't, cause you said yourself filesystem-level auditing is still
> done.
> So if someone tries to use usermod to modify /etc/passwd and hasn't the
> permissions it takes, it will be logged.
> usermod is just another tool to modify /etc/passwd, ...
> With exactly the same reasoning you could chmod 750 /bin/vi
And, of course, /bin/bash which is equally capable of modifying files.
--
Les Mikesell
lesmikesell at gmail.com