On Sat, 2008-12-06 at 12:52 -0500, Steve Grubb wrote: > > Because if they didn't type --help, we are going to have to log the attempted > compromise. Sending an audit event requires CAP_AUDIT_WRITE. You have to be > setuid root from the beginning or not at all. Er, so you have to be root, in order to be audited? Doesn't that sound rather um... bad planning? Doesn't that mean a non-root user can bang on a binary all day long and never get audited? -- Jesse Keating Fedora -- Freedom² is a feature! identi.ca: http://identi.ca/jkeating
Attachment:
signature.asc
Description: This is a digitally signed message part
-- fedora-devel-list mailing list fedora-devel-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-devel-list
