On Thu, Jan 06, 2022 at 08:48:52AM -0800, Adam Williamson wrote:
> On Thu, 2022-01-06 at 16:16 +0000, Zbigniew Jędrzejewski-Szmek wrote:
> >
> > I know that you said that the scripts are needed because of "magic stuff™"
> > that the scripts do, but sorry, that's not a justification: *everything* that
> > can be done using a shell script can also be reimplemented independently.
> > Right now audit pulls in the whole initscripts stack, this should all be replaced
> > by some small helper. (Maybe a separate binary, or a small shell script, or
> > maybe something in auditctl…. I don't know because I don't know audit.)
>
> As I understand the bug, it's not a question of whether the thing can
> be done, but whether it can be known *who did it*.

There is no magic functionality in the kernel that specifically records
that something was executed by some specific script. If that script sends
a signal somewhere, you can send the same signal with the same sender info
and the same privileges using bash/python/C/Rust or even assembly.

So the "who did it" information can be provided in a different way without
pulling in the initscripts stack, or it is bogus, or maybe even both.

Zbyszek
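
The point in the message above about sender info, as an added example that is not part of the original post or of the audit or initscripts code: a receiver reads the siginfo delivered with a signal sent once from Python and once from `/bin/sh`, and gets the same fields (signal number, sender PID, real UID) either way. The function names are hypothetical, and the example assumes a Linux system with `/bin/sh`.

```python
import os
import signal

SIG = signal.SIGUSR1


def send_from_python(target_pid):
    """Sender 1: a Python process calling kill(2) directly."""
    os.kill(target_pid, SIG)
    os._exit(0)


def send_from_shell(target_pid):
    """Sender 2: the child becomes /bin/sh and uses the shell's kill builtin."""
    os.execv("/bin/sh", ["sh", "-c", f"kill -s USR1 {target_pid}"])


def observe_sender(sender):
    """Fork a child that runs `sender`; return what the receiver is told."""
    # Block the signal first so it stays pending until we collect it.
    old_mask = signal.pthread_sigmask(signal.SIG_BLOCK, {SIG})
    try:
        me = os.getpid()
        child = os.fork()
        if child == 0:
            try:
                sender(me)
            finally:
                os._exit(127)  # only reached if the sender failed
        info = signal.sigtimedwait({SIG}, 5)  # siginfo, or None on timeout
        os.waitpid(child, 0)
        if info is None:
            raise TimeoutError("no signal received from child")
        return {
            "signo": info.si_signo,               # which signal
            "code": info.si_code,                 # how it was sent (kill(2))
            "uid": info.si_uid,                   # real UID of the sender
            "pid_is_child": info.si_pid == child, # PID of the sender
        }
    finally:
        signal.pthread_sigmask(signal.SIG_SETMASK, old_mask)


if __name__ == "__main__":
    print("python sender:", observe_sender(send_from_python))
    print("shell sender: ", observe_sender(send_from_shell))
```

Nothing in the siginfo fields names the script or binary that sent the signal; the receiver sees only a PID and a UID.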