More PATH fallout. Who decided this was a good idea?
Miloslav Trmač
mitr at volny.cz
Sun Dec 7 17:20:17 UTC 2008
Jesse Keating píše v Ne 07. 12. 2008 v 09:11 -0800:
> On Sun, 2008-12-07 at 17:00 +0000, Miloslav Trmač wrote:
> > More exactly, it is "after admins stop playing nice, all bets are off".
> > The system is supposed to audit all attempts to violate the security
> > policy up to the first successful violation,
>
> But only through pre-approved interfaces... what if the admin doesn't
> use any of those for their first attempts? (why would an admin use any
> of those?)
Nobody can prevent you from configuring the system in a way that doesn't
allow auditing, nor from doing other unexpected - whether useful or
stupid - things.
But you can choose to configure the system in a way that makes audit
useful.
(The lower-level attacks like direct modification of /etc/shadow are
audited as well, but as attacks "against the file", not "against a
specific user". In either case the event and the administrator are
identified.)
Mirek
More information about the fedora-devel-list
mailing list