LSPP Requirement Specifically for Auditing

schaufler-ca.com - Casey Schaufler casey at schaufler-ca.com
Mon Oct 3 16:07:04 UTC 2005


On Monday 03 October 2005 10:03, Stephen Smalley wrote:
> Have you considered moving the audit generation into a helper program to
> avoid having to directly make newrole suid (and to avoid having to
> directly allow newrole in policy to access the netlink audit socket)?


Our experience with helper programs was that they
are not very helpful from an assurance perspective.
Sure, you isolate the privileged code, but you still
have to demonstrate that the unprivileged program
that invokes it does so correctly. In this case you
still have to trust newrole, even though it isn't
setuid, because it would invoke a helper that is.
Steve's suggestion that he'll use capabilities to
reduce the exposure is very sensible.


------------------------
Casey Schaufler
casey at schaufler-ca.com
650.906.1780









