On Sat, 2008-12-06 at 07:45 -0500, Steve Grubb wrote:
>
> No, it has more to do with the fact that we have to audit all attempts to
> modify trusted databases - in this case, shadow. No one can use these tools
> since they do not have the permissions required to be successful. So, we
> remove the ability to use these tools so that we don't have to audit it.
>
> IOW, if we open the permissions, we need to make these become setuid root so
> that we send audit events saying they failed.
>
> > I'm just curious what added security you really get.
>
> It's not so much a security thing as much as it's a certification thing. An
> ordinary user cannot possibly use these tools since they do not have the
> requisite permissions.

Now I'm confused. Why would the binary have to be suid? Why can't the binary
detect that the calling user is not root, and just print out the usage and a
message saying that you have to be root? How would this action make it any
less auditable?

It seems that the cert folks have a different definition of "use" than we do.
A normal user should be able to use the binary to get help output, and the
binary would be useful in path for things like tab completion leading up to a
sudo call.

Still wondering what "value" this is adding.

--
Jesse Keating
Fedora -- Freedom² is a feature!
identi.ca: http://identi.ca/jkeating
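The tool Jesse asks about, as an added example that is not part of the thread or of shadow-utils: it checks the caller's effective uid and prints usage for non-root, then tries to record the refused attempt in the kernel audit log the way libaudit does underneath, which is where the setuid requirement comes from. The tool name usermod and the record text are assumptions.

```c
/* Added example (not from the thread or shadow-utils): the tool Jesse
 * describes, refusing non-root callers up front, plus the catch behind the
 * setuid requirement: only a process with CAP_AUDIT_WRITE can write the kernel
 * audit log, so a non-setuid copy run by an ordinary user gets EPERM when it
 * tries to record its own refusal. Linux only (NETLINK_AUDIT). */
#include <errno.h>
#include <stdio.h>
#include <sys/socket.h>
#include <unistd.h>
#include <linux/audit.h>
#include <linux/netlink.h>

/* Policy check on the effective uid: only root may touch /etc/shadow. */
int caller_may_modify_shadow(uid_t euid) { return euid == 0; }

/* Send one AUDIT_USER record over NETLINK_AUDIT (the raw form of libaudit's
 * audit_log_user_message()) and read the kernel's ACK. 0 = accepted, else errno. */
int audit_log_refusal(const char *tool, uid_t caller)
{
    struct { struct nlmsghdr nlh; char msg[200]; } req = {0};
    struct sockaddr_nl kernel = { .nl_family = AF_NETLINK };
    union { struct nlmsghdr h; char buf[256]; } ack;
    int fd = socket(AF_NETLINK, SOCK_RAW, NETLINK_AUDIT), rc = 0;
    if (fd < 0) return errno;
    int n = snprintf(req.msg, sizeof req.msg, "op=%s uid=%u res=failed",
                     tool, (unsigned)caller);            /* assumed record text */
    req.nlh.nlmsg_len = NLMSG_LENGTH(n + 1);
    req.nlh.nlmsg_type = AUDIT_USER;       /* generic user-space record */
    req.nlh.nlmsg_flags = NLM_F_REQUEST | NLM_F_ACK;
    if (sendto(fd, &req, req.nlh.nlmsg_len, 0,
               (struct sockaddr *)&kernel, sizeof kernel) < 0 ||
        recv(fd, &ack, sizeof ack, 0) < 0) {
        rc = errno;
    } else {
        struct nlmsgerr *e = NLMSG_DATA(&ack.h);
        if (ack.h.nlmsg_type == NLMSG_ERROR && e->error < 0)
            rc = -e->error;                /* EPERM without CAP_AUDIT_WRITE */
    }
    close(fd);
    return rc;
}

int main(void)
{
    if (caller_may_modify_shadow(geteuid())) return 0;   /* would edit /etc/shadow */
    fputs("Usage: usermod [options] LOGIN\nOnly root may run this tool.\n", stderr);
    int err = audit_log_refusal("usermod", getuid());
    fprintf(stderr, "audit record: %s (errno %d)\n", err ? "rejected" : "accepted", err);
    return 1;
}
```

Run as an ordinary user the usage text prints fine, but the audit record is refused, which is the gap the certification people care about.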
--
fedora-devel-list mailing list
fedora-devel-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-devel-list