Miloslav Trmač wrote:
Jesse Keating wrote on Sun 07. 12. 2008 at 15:05 -0800:
On Mon, 2008-12-08 at 10:03 +1100, Andrew Bartlett wrote:
Perhaps I'm a bit slow this morning, but vipw is forbidden but
vi /etc/passwd isn't?

I think he means "forbidden by policy" in which using anything /but/ the
audit-able tools is "forbidden by policy". If you're expecting
everybody to follow policy, why not just set policy that says "don't
hack this box". That'll work right?

Violations of "don't hack this box" don't generate audit messages that
can be manually examined for actual intrusions. Violations of "don't
access /etc/shadow manually" do.

Is attempting an access that the kernel routinely prevents considered a
violation? That is, if I type 'file /etc/*' on such a system should I
expect the black helicopters to start firing? I don't see how accesses
that are denied matter to anyone - or why anyone running the
shadow-tools utility without permission to access the relevant files
should bother anyone either.
--
Les Mikesell
lesmikesell@xxxxxxxxx