Re: More PATH fallout. Who decided this was a good idea?

On Saturday 06 December 2008 12:58:11 Joe Nall wrote:
> > Because if they didn't type --help, we are going to have to log the  
> > attempted compromise. Sending an audit event requires CAP_AUDIT_WRITE. You
> > have to be setuid root from the beginning or not at all.
>
> Can't a non-root user audit now that we have file system capabilities?

Yes, but so far the only test we tried was soundly rejected by the Fedora 
community. So, I think this is a non-starter. If we couldn't do ping, we 
definitely can't do shadow-utils.

But even if we did use the filesystem capabilities, now you have a program with 
elevated privileges and much more work has to be done to prove that it's safe, 
document its internal logic, and test its protection. Any program with file 
system capabilities becomes a target for attack.

And all this work just for --help ?  Seriously.

-Steve

-- 
fedora-devel-list mailing list
fedora-devel-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-devel-list
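
Added example, not part of the original message or of any Fedora code: file system capabilities are stored in the `security.capability` extended attribute, and an audit for the kind of elevated binaries discussed above starts by decoding that value. The sample byte strings are constructed, the function names are hypothetical, and the constants are copied from `<linux/capability.h>`.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Values from <linux/capability.h>; redefined so the block builds anywhere. */
#define VFS_CAP_REVISION_MASK   0xFF000000u
#define VFS_CAP_FLAGS_EFFECTIVE 0x00000001u
#define CAP_NET_RAW     13
#define CAP_AUDIT_WRITE 29
struct file_caps { uint64_t permitted, inheritable; int effective; };

/* Constructed samples: cap_audit_write+ep and cap_net_raw+p, both revision 2. */
static const unsigned char SAMPLE_AUDIT_WRITE_EP[20] = {1,0,0,2, 0,0,0,0x20};
static const unsigned char SAMPLE_NET_RAW_P[20]      = {0,0,0,2, 0,0x20,0,0};

static uint32_t le32(const unsigned char *p)
{
    return (uint32_t)p[0] | (uint32_t)p[1] << 8 | (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}

/* Decode a raw security.capability value; 0 on success, -1 if malformed. */
int decode_file_caps(const unsigned char *buf, size_t len, struct file_caps *out)
{
    if (len < 4) return -1;
    uint32_t magic = le32(buf);
    uint32_t rev = (magic & VFS_CAP_REVISION_MASK) >> 24;
    /* rev 1: one 32-bit word pair (12 bytes); rev 2: two (20); rev 3: two plus rootid (24) */
    size_t words = rev == 1 ? 1 : 2;
    size_t want = rev == 1 ? 12 : rev == 2 ? 20 : rev == 3 ? 24 : 0;
    if (want == 0 || len != want) return -1;
    out->permitted = out->inheritable = 0;
    for (size_t i = 0; i < words; i++) {
        out->permitted   |= (uint64_t)le32(buf + 4 + 8 * i) << (32 * i);
        out->inheritable |= (uint64_t)le32(buf + 8 + 8 * i) << (32 * i);
    }
    /* With this flag the permitted set is also raised as effective at exec. */
    out->effective = (magic & VFS_CAP_FLAGS_EFFECTIVE) != 0;
    return 0;
}

int has_cap(const struct file_caps *fc, int cap) { return (int)((fc->permitted >> cap) & 1); }

int main(void)
{
    struct file_caps fc;
    if (decode_file_caps(SAMPLE_AUDIT_WRITE_EP, sizeof SAMPLE_AUDIT_WRITE_EP, &fc) == 0)
        printf("audit_write=%d effective=%d\n", has_cap(&fc, CAP_AUDIT_WRITE), fc.effective);
    if (decode_file_caps(SAMPLE_NET_RAW_P, sizeof SAMPLE_NET_RAW_P, &fc) == 0)
        printf("net_raw=%d effective=%d\n", has_cap(&fc, CAP_NET_RAW), fc.effective);
    return 0;
}
```

On a live system the bytes would come from `getxattr(path, "security.capability", ...)` for each file in the audit scope.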
