LSPP Requirement Specifically for Auditing
Steve Grubb
sgrubb at redhat.com
Mon Oct 3 14:22:38 UTC 2005
On Monday 03 October 2005 10:03, Stephen Smalley wrote:
> Have you considered moving the audit generation into a helper program to
> avoid having to directly make newrole suid (and to avoid having to
> directly allow newrole in policy to access the netlink audit socket)?
Newrole should be a small enough program that it can be analyzed for any
problems. Other programs that do this are also suid root:
[root@discovery ~]# ls -l /usr/bin/newgrp
-rwsr-xr-x 1 root root 74458 Sep 27 04:14 /usr/bin/newgrp
Are you thinking of some problem that would prevent this?
I'm worried that the helper program approach could be easily abused.
-Steve