Re: More PATH fallout. Who decided this was a good idea?

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 


On Dec 6, 2008, at 11:52 AM, Steve Grubb wrote:


On Saturday 06 December 2008 11:56:31 Jesse Keating wrote:
ordinary user cannot possibly use these tools since they do not have the 


requisite permissions.


Now I'm confused.  Why would the binary have to be suid?
Because if they didn't type --help, we are going to have to log the attempted compromise. Sending an audit event requires CAP_AUDIT_WRITE. You have to be 
setuid root from the beginning or not at all.


Can't a non-root user audit now that we have file system capabilities?

joe

--
fedora-devel-list mailing list
fedora-devel-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-devel-list
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Index of Archives]     [Fedora Announce]     [Fedora Kernel]     [Fedora Testing]     [Fedora Formulas]     [Fedora PHP Devel]     [Kernel Development]     [Fedora Legacy]     [Fedora Maintainers]     [Fedora Desktop]     [PAM]     [Red Hat Development]     [Gimp]     [Yosemite News]
  Powered by Linux