[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]

Re: More PATH fallout. Who decided this was a good idea?

From: Miloslav Trmač <mitr volny cz>
To: Development discussions related to Fedora <fedora-devel-list redhat com>
Subject: Re: More PATH fallout. Who decided this was a good idea?
Date: Sun, 07 Dec 2008 23:09:24 +0000

Jesse Keating píše v Ne 07. 12. 2008 v 15:05 -0800:
> On Mon, 2008-12-08 at 10:03 +1100, Andrew Bartlett wrote:
> > 
> > Perhaps I'm a bit slow this morning, but vipw is forbidden but
> > vi /etc/passwd isn't?
> 
> I think he means "forbidden by policy" in which using anything /but/ the
> audit-able tools is "forbidden by policy".  If you're expecting
> everybody to follow policy, why not just set policy that says "don't
> hack this box".  That'll work right?
Violations of "don't hack this box" don't generate audit messages that
can be manually examined for actual intrusions.  Violations of "don't
access /etc/shadow manually" do.
	Mirek

Follow-Ups:
- Re: More PATH fallout. Who decided this was a good idea?
  - From: Les Mikesell

References:
- More PATH fallout. Who decided this was a good idea?
  - From: Callum Lerwick
- Re: More PATH fallout. Who decided this was a good idea?
  - From: Steve Grubb
- Re: More PATH fallout. Who decided this was a good idea?
  - From: Enrico Scholz
- Re: More PATH fallout. Who decided this was a good idea?
  - From: Steve Grubb
- Re: More PATH fallout. Who decided this was a good idea?
  - From: Andrew Bartlett
- Re: More PATH fallout. Who decided this was a good idea?
  - From: Jesse Keating

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]