LSPP Requirement Specifically for Auditing
Steve Grubb
sgrubb at redhat.com
Mon Oct 3 14:57:22 UTC 2005
On Monday 03 October 2005 10:38, Stephen Smalley wrote:
> It seems wrong to have to make a previously non-suid program suid just for
> the sake of adding audit functionality to it, thereby potentially exposing
> the system to greater risk because of the greater privilege with which the
> entire program code runs.
What I was thinking of doing was to drop capabilities on startup and leave
CAP_AUDIT_WRITE since that is all we are after. I see newrole uses pam and
that swings in a lot of code. Still, it should be safe if we drop
capabilities very early.
-Steve
More information about the Linux-audit
mailing list