More PATH fallout. Who decided this was a good idea?
Miloslav Trmač
mitr at volny.cz
Sun Dec 7 17:00:40 UTC 2008
Jesse Keating píše v Ne 07. 12. 2008 v 08:51 -0800:
> I have yet to see anything in your definition of CAPP that adds real
> security to our system. What I get out of it so far is "If all the
> admins play nice, we can track what they're doing". But if admins stop
> playing nice, all bets are off. What kind of security is that?
More exactly, it is "after admins stop playing nice, all bets are off".
The system is supposed to audit all attempts to violate the security
policy up to the first successful violation, so it should identify at
least one accomplice. If you have an accomplice, you have a specific
lead for further investigation.
Mirek
More information about the fedora-devel-list
mailing list