[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: More PATH fallout. Who decided this was a good idea?



Jesse Keating píše v Ne 07. 12. 2008 v 09:11 -0800:
> On Sun, 2008-12-07 at 17:00 +0000, Miloslav Trmač wrote:
> > More exactly, it is "after admins stop playing nice, all bets are off".
> > The system is supposed to audit all attempts to violate the security
> > policy up to the first successful violation, 
> 
> But only through pre-approved interfaces... what if the admin doesn't
> use any of those for their first attempts?  (why would an admin use any
> of those?)
Nobody can prevent you from configuring the system in a way that doesn't
allow auditing, nor from doing other unexpected - whether useful or
stupid - things.

But you can choose to configure the system in a way that makes audit
useful.

(The lower-level attacks like direct modification of /etc/shadow are
audited as well, but as attacks "against the file", not "against a
specific user".  In either case the event and the administrator are
identified.)
	Mirek


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]