More PATH fallout. Who decided this was a good idea?

Jesse Keating jkeating at
Sat Dec 6 16:56:31 UTC 2008

On Sat, 2008-12-06 at 07:45 -0500, Steve Grubb wrote:
> No, it has more to do with the fact that we have to audit all attempts to 
> modify trusted databases - in this case, shadow. No one can use these tools 
> since they do not have the permissions required to be successful. So, we 
> remove the ability to use these tools so that we don't have to audit it. 
> IOW, if we open the permissions, we need to make these become setuid root so 
> that we send audit events saying they failed.
> > I'm just curious what added security you really get.
> Its not so much a security thing as much as its a certification thing. An 
> ordinary user cannot possibly use these tools since they do not have the 
> requisite permissions.

Now I'm confused.  Why would the binary have to be suid?  Why can't the
binary detect that hte calling user is not root, and just print out the
usage and a message saying that you have to be root?  How would this
action make it any less auditable?

It seems that the cert folks have a different definition of "use" than
we do.  A normal user should be able to use the binary to get help
output, and the binary would be useful in path for things like tab
completion leading up to a sudo call.

Still wondering what "value" this is adding.

Jesse Keating
Fedora -- Freedom² is a feature!
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 197 bytes
Desc: This is a digitally signed message part
URL: <>

More information about the fedora-devel-list mailing list