LSPP Requirement Specifically for Auditing
Stephen Smalley
sds at tycho.nsa.gov
Mon Oct 3 16:04:12 UTC 2005
On Mon, 2005-10-03 at 10:57 -0400, Steve Grubb wrote:
> On Monday 03 October 2005 10:38, Stephen Smalley wrote:
> > It seems wrong to have to make a previously non-suid program suid just for
> > the sake of adding audit functionality to it, thereby potentially exposing
> > the system to greater risk because of the greater privilege with which the
> > entire program code runs.
>
> What I was thinking of doing was to drop capabilities on startup and leave
> CAP_AUDIT_WRITE since that is all we are after. I see newrole uses pam and
> that swings in a lot of code. Still, it should be safe if we drop
> capabilities very early.
Even better if we put newrole into its own domain in the targeted policy
and only allow it to use that capability in the policy.
--
Stephen Smalley
National Security Agency
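
The early capability drop discussed in the thread, as an added C example that is not code from the thread or from newrole. It assumes a setuid-root binary on Linux, and the helper names `keep_only_audit_write` and `only_audit_write_left` are hypothetical. It uses the raw capget/capset syscalls so it builds without libcap.

```c
#ifndef _GNU_SOURCE
#define _GNU_SOURCE
#endif
#include <linux/capability.h>
#include <stdio.h>
#include <sys/prctl.h>
#include <sys/syscall.h>
#include <unistd.h>

#define AW_WORD (CAP_AUDIT_WRITE >> 5)          /* which 32-bit word holds the bit */
#define AW_MASK (1u << (CAP_AUDIT_WRITE & 31))  /* the bit inside that word */

/* Hypothetical helper: call first in main(), before PAM or argument parsing.
 * Returns 0 on success, -1 on failure (the caller should then exit). */
int keep_only_audit_write(void)
{
    struct __user_cap_header_struct h = { _LINUX_CAPABILITY_VERSION_3, 0 };
    struct __user_cap_data_struct cur[2], want[2] = { {0, 0, 0}, {0, 0, 0} };

    /* Keep the permitted set across the uid change below. */
    if (prctl(PR_SET_KEEPCAPS, 1L, 0L, 0L, 0L) != 0) return -1;
    /* Give up the setuid-root identity for good; a no-op if not installed setuid. */
    if (setgid(getgid()) != 0 || setuid(getuid()) != 0) return -1;
    if (syscall(SYS_capget, &h, cur) != 0) return -1;
    /* Keep CAP_AUDIT_WRITE only if we hold it; a process cannot grant itself caps. */
    want[AW_WORD].permitted = cur[AW_WORD].permitted & AW_MASK;
    want[AW_WORD].effective = want[AW_WORD].permitted;
    return syscall(SYS_capset, &h, want) == 0 ? 0 : -1;
}

/* Returns 1 if nothing but CAP_AUDIT_WRITE is left in any set, 0 otherwise, -1 on error. */
int only_audit_write_left(void)
{
    struct __user_cap_header_struct h = { _LINUX_CAPABILITY_VERSION_3, 0 };
    struct __user_cap_data_struct d[2];
    if (syscall(SYS_capget, &h, d) != 0) return -1;
    for (int i = 0; i < 2; i++) {
        unsigned keep = (i == AW_WORD) ? AW_MASK : 0u;
        if ((d[i].permitted | d[i].effective | d[i].inheritable) & ~keep) return 0;
    }
    return 1;
}

int main(void)
{
    if (keep_only_audit_write() != 0) { perror("drop capabilities"); return 1; }
    printf("only CAP_AUDIT_WRITE left: %d\n", only_audit_write_left());
    return 0;
}
```

Run unprivileged, the helper still succeeds and leaves every capability set empty, since there is nothing to keep.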