More PATH fallout. Who decided this was a good idea?

[Steve Grubb]

On Saturday 06 December 2008 12:59:33 Jesse Keating wrote:
> Er, so you have to be root, in order to be audited?

No, you have to have CAP_AUDIT_WRITE to send audit events.

> Doesn't that sound rather um... bad planning?

No, its working rather well.

> Doesn't that mean a non-root user can bang on a binary all day long and
> never get audited?

Nope, we took the perms away. Problem solved. :)

-Steve