More PATH fallout. Who decided this was a good idea?
Les Mikesell
lesmikesell at gmail.com
Sun Dec 7 23:34:18 UTC 2008
Miloslav Trmač wrote:
> Jesse Keating wrote on Sun 07. 12. 2008 at 15:05 -0800:
>> On Mon, 2008-12-08 at 10:03 +1100, Andrew Bartlett wrote:
>>> Perhaps I'm a bit slow this morning, but vipw is forbidden but
>>> vi /etc/passwd isn't?
>> I think he means "forbidden by policy" in which using anything /but/ the
>> audit-able tools is "forbidden by policy". If you're expecting
>> everybody to follow policy, why not just set policy that says "don't
>> hack this box". That'll work right?
> Violations of "don't hack this box" don't generate audit messages that
> can be manually examined for actual intrusions. Violations of "don't
> access /etc/shadow manually" do.
Is attempting an access that the kernel routinely prevents considered a
violation? That is, if I type 'file /etc/*' on such a system should I
expect the black helicopters to start firing? I don't see how accesses
that are denied matter to anyone - or why anyone running the
shadow-tools utility without permission to access the relevant files
should bother anyone either.
--
Les Mikesell
lesmikesell at gmail.com