On Saturday 06 December 2008 13:28:44 Callum Lerwick wrote: > Furthermore, we're supposedly gaining security by preventing > *unprivileged* user accounts from executing usermod, yet an ACTUAL > compromised scenario, like oh say breaking into root with a privilege > escalation vulnerability and modifying passwd and shadow directly with > kernel syscalls, goes unaudited? No one ever said that. > Am I the only one who thinks this security model is mindbogglingly > broken and nothing more than security masturbation? I think you aren't looking at all the pieces to see how it fits together. > If you're not auditing at a lower level than executing /bin/usermod, you > are DOING IT WRONG period. That is being audited at a lower level, too. -Steve -- fedora-devel-list mailing list fedora-devel-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-devel-list
