More PATH fallout. Who decided this was a good idea?

Chris Adams cmadams at hiwaay.net
Sun Dec 7 01:59:44 UTC 2008


Once upon a time, Steve Grubb <sgrubb at redhat.com> said:
> On Saturday 06 December 2008 00:55:24 Jesse Keating wrote:
> >  These are required to be this way for our Common Criteria evaluations.
> >
> > Is the thought here that if the code can be executed by a non-root user,
> > the audit of the code would have to be far more strict?
> 
> No, it has more to do with the fact that we have to audit all attempts to 
> modify trusted databases - in this case, shadow. No one can use these tools 
> since they do not have the permissions required to be successful. So, we 
> remove the ability to use these tools so that we don't have to audit it. 
> 
> IOW, if we open the permissions, we need to make these become setuid root so 
> that we send audit events saying they failed.

Then later, Steve Grubb <sgrubb at redhat.com> said:
> > So "cat >> /etc/shadow" is audited?
>
> Of course.

So cat will have to be setuid root so it can audit?  What about echo,
bash, perl, etc.?

This is absurd.
-- 
Chris Adams <cmadams at hiwaay.net>
Systems and Network Administrator - HiWAAY Internet Services
I don't speak for anybody but myself - that's enough trouble.




More information about the fedora-devel-list mailing list