More PATH fallout. Who decided this was a good idea?
Chris Adams
cmadams at hiwaay.net
Sun Dec 7 01:59:44 UTC 2008
Once upon a time, Steve Grubb <sgrubb at redhat.com> said:
> On Saturday 06 December 2008 00:55:24 Jesse Keating wrote:
> > These are required to be this way for our Common Criteria evaluations.
> >
> > Is the thought here that if the code can be executed by a non-root user,
> > the audit of the code would have to be far more strict?
>
> No, it has more to do with the fact that we have to audit all attempts to
> modify trusted databases - in this case, shadow. No one can use these tools
> since they do not have the permissions required to be successful. So, we
> remove the ability to use these tools so that we don't have to audit it.
>
> IOW, if we open the permissions, we need to make these become setuid root so
> that we send audit events saying they failed.
Then later, Steve Grubb <sgrubb at redhat.com> said:
> > So "cat >> /etc/shadow" is audited?
>
> Of course.
So cat will have to be setuid root so it can audit? What about echo,
bash, perl, etc.?
This is absurd.
--
Chris Adams <cmadams at hiwaay.net>
Systems and Network Administrator - HiWAAY Internet Services
I don't speak for anybody but myself - that's enough trouble.
More information about the fedora-devel-list
mailing list