>so in the absence of SELinux (e.g. CAPP-only configuration), any uid 0 process
>can mutate its loginuid later to mask the original one,

Or it can delete the audit logs or re-write syslog or install a rootkit covering everything up. The only defence against this kind of tampering is remote logging.

>and in the presence of SELinux, any program authorized for audit_control can
>mutate its loginuid later (so a smaller exposure, but still a possibility).

So...why doesn't policy restrict this even further so that the 10 apps that need to set this are the *only* ones that can do so? The list is: login, sshd, vsftpd, postfix, procmail, cron, at, gdm, kdm, & xdm.

-Steve

--
fedora-devel-list mailing list
fedora-devel-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-devel-list
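
An added example, not part of the original message or of any audit tooling: a Python scan of audit LOGIN records that flags the case discussed above, a task whose loginuid is overwritten after it was already set. The sample lines are constructed, and the two record layouts handled (`old-auid=`/`auid=` and `old auid=`/`new auid=`) are assumptions about what the local kernel emits.

```python
import re

UNSET = 4294967295  # (uid_t)-1: loginuid has never been set for this task

# Constructed sample records (not from the thread): two in the newer layout,
# two in the older layout, plus one unrelated record type.
SAMPLE = """\
type=LOGIN msg=audit(1700000000.101:210): pid=1412 uid=0 old-auid=4294967295 auid=1000 old-ses=4294967295 ses=3 res=1
type=LOGIN msg=audit(1700000300.555:377): pid=2290 uid=0 old-auid=1000 auid=0 old-ses=3 ses=4 res=1
type=LOGIN msg=audit(1200000000.010:12): login pid=801 uid=0 old auid=4294967295 new auid=500
type=LOGIN msg=audit(1200000450.020:48): login pid=933 uid=0 old auid=500 new auid=501
type=USER_START msg=audit(1700000000.200:211): pid=1412 uid=0 auid=1000 ses=3 msg='op=PAM:session_open res=success'
"""

HEAD = re.compile(r"^type=LOGIN msg=audit\((\d+\.\d+):(\d+)\):")
PID = re.compile(r"\bpid=(\d+)")
AUID = re.compile(r"(old[- ]|new )?auid=(\d+)")  # optional prefix, then value


def loginuid_changes(log_text):
    """Return LOGIN records that overwrite an already-set loginuid."""
    hits = []
    for line in log_text.splitlines():
        head = HEAD.match(line)
        if not head:
            continue  # not a LOGIN record
        old = new = None
        for prefix, value in AUID.findall(line):
            if prefix.startswith("old"):
                old = int(value)
            else:  # "new auid=" (older layout) or bare "auid=" (newer layout)
                new = int(value)
        if old is None or new is None or old == UNSET:
            continue  # normal first assignment at login, or unparseable
        pid = PID.search(line)
        hits.append({
            "serial": int(head.group(2)),
            "pid": int(pid.group(1)) if pid else None,
            "old_auid": old,
            "new_auid": new,
        })
    return hits


if __name__ == "__main__":
    for hit in loginuid_changes(SAMPLE):
        print("loginuid changed after being set:", hit)
```

Because a uid 0 process can also edit the local log, this check only means something when run over records that were shipped off the host.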