[Bug 491430] Review Request: sslogger - A keystroke logging utility for privileged user escalation

bugzilla at redhat.com bugzilla at redhat.com
Mon May 4 03:36:50 UTC 2009


https://bugzilla.redhat.com/show_bug.cgi?id=491430





--- Comment #13 from Ed Brand <edbrand at brandint.com>  2009-05-03 23:36:48 EDT ---
OK, apologies for the delay. Had a series of personal issues to resolve.

In reading through the comments, here is a summary of what we've got..
a/ no issue
b/ no issue
c/ no issue
d/ no issue
e/ no issue
f/ no issue
g/ * W: non-standard-uid /usr/bin/sslogger slogger
h/ * E: setuid-binary /usr/bin/sslogger slogger 06555
i/ * E: non-standard-dir-perm /var/log/sl 0750
j/ in progress...
k/ no issue
l/ convince me of the need of %pre, %post, %prein
m/ no issue
n/ no issue
README ... in progress


So let's start a dialogue on the suid, user/group, and permission:

Here is what I was looking to accomplish:
  - Create a binary which allows the user to gain access to another user's
account, including root, whilst logging all keystrokes.
  - Create a group of users "sloggers" whose members are permitted to
review/audit other users' activities. Hence the /i 750


Breaking it down,
g/ I need a suid user/group, as I am reluctant to create a suid root binary.
True, the Makefile installed as suid root which the spec file later changes
permission to the other "non standard" user/group in the %pre/%post. This is
related to /k.
h/ The log files are written at a lower privilege level and not as root.
i/ The permissions on the directory are set to exclude users that are not in the
audit group "sloggers"
l/ Needed to create a non-root logging audit directory. As stated, I am
reluctant to create a suid/sgid root binary.

I am open to suggestions to resolve the above.

Thanks

-Ed
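
Added example, not part of the comment above or of the sslogger package: a small Python check that decodes the two modes rpmlint flagged (06555 on the binary, 0750 on /var/log/sl) and reports what each grants. The function names and the uid 1001 standing in for the "slogger" account are assumptions made for illustration.

```python
import os
import stat

def mode_string(mode):
    """Render permission bits the way `ls -l` does, e.g. 0o6555 -> -r-sr-sr-x."""
    return stat.filemode(stat.S_IFREG | stat.S_IMODE(mode))

def review_binary(mode, owner_uid):
    """Classify a privileged helper binary from its mode and owning uid."""
    findings = []
    if mode & stat.S_ISUID:
        # A setuid binary runs with the owner's uid; root ownership is the
        # case the comment wants to avoid.
        findings.append("setuid-root" if owner_uid == 0 else "setuid-nonroot")
    if mode & stat.S_ISGID:
        findings.append("setgid")
    if mode & (stat.S_IWGRP | stat.S_IWOTH):
        findings.append("writable-by-non-owner")
    return findings

def review_log_dir(mode):
    """Check that an audit directory is readable by its group only."""
    findings = []
    if mode & stat.S_IRWXO:
        findings.append("accessible-to-others")
    if mode & stat.S_IWGRP:
        # Group write on a directory lets members rename or delete log files.
        findings.append("group-can-alter-entries")
    if not (mode & stat.S_IRGRP and mode & stat.S_IXGRP):
        findings.append("group-cannot-read")
    return findings

def review_paths(binary_path, log_dir_path):
    """Apply both checks to files on disk (paths are supplied by the caller)."""
    b = os.stat(binary_path)
    d = os.stat(log_dir_path)
    return (review_binary(stat.S_IMODE(b.st_mode), b.st_uid),
            review_log_dir(stat.S_IMODE(d.st_mode)))

if __name__ == "__main__":
    # Constructed values matching the rpmlint output quoted in the comment.
    print(mode_string(0o6555), review_binary(0o6555, owner_uid=1001))
    print(mode_string(0o750), review_log_dir(0o750))
```
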
