On Thu, 2010-02-04 at 15:39 -0800, Adam Williamson wrote:
> On Thu, 2010-02-04 at 15:14 -0500, Adam Jackson wrote:
> > - Declaring "Read from system logs containing any information about user
> > activities" to be a privileged action, means that who(1) and last(1)
> > break, since utmp and wtmp are typically - intentionally - world
> > readable. /var/log/ConsoleKit/history similarly. I think this entire
> > rule is mostly subsumed under the "directly access or modify a file they
> > would usually be denied rights to" clause, though we'd probably also
> > want to define what kinds of log information are sensitive and what
> > aren't in that case, and enforce world-readability to match.
>
> I don't understand much about utmp and wtmp, but if appropriate they
> could be specifically excepted from the policy. Ditto the ConsoleKit
> history. What's the rationale for these being world-readable?

Unix used to be a multiuser OS, apparently. ;)

- ajax
-- devel mailing list devel@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/devel