[Bug 491430] Review Request: sslogger - A keystroke logging utility for privileged user escalation
bugzilla at redhat.com
Mon May 4 03:36:50 UTC 2009
https://bugzilla.redhat.com/show_bug.cgi?id=491430
--- Comment #13 from Ed Brand <edbrand at brandint.com> 2009-05-03 23:36:48 EDT ---
OK, apologies for the delay. Had a series of personal issues to resolve.
In reading through the comments, here is a summary of what we've got:
a/ no issue
b/ no issue
c/ no issue
d/ no issue
e/ no issue
f/ no issue
g/ * W: non-standard-uid /usr/bin/sslogger slogger
h/ * E: setuid-binary /usr/bin/sslogger slogger 06555
i/ * E: non-standard-dir-perm /var/log/sl 0750
j/ in progress...
k/ no issue
l/ convince me of the need of %pre, %post, %prein
m/ no issue
n/ no issue
README ... in progress
So let's start a dialogue on the suid, user/group, and permission:
Here is what I was looking to accomplish:
- Create a binary which allows the user to gain access to another user's
account, including root, whilst logging all keystrokes.
- Create a group of users "sloggers" whose members are permitted to
review/audit other users' activities. Hence the /i 750
Breaking it down,
g/ I need a suid user/group, as I am reluctant to create a suid root binary.
True, the Makefile installed as suid root, which the spec file later changes
permission to the other "non standard" user/group in the %pre/%post. This is
related to /k.
h/ The log files are written at a lower privilege level and not as root.
i/ The permissions on the directory are set to exclude users that are not in the
audit group "sloggers"
l/ Needed to create a non-root logging audit directory. As stated, I am
reluctant to create a suid/sgid root binary.
I am open to suggestions to resolve the above.
Thanks
-Ed