Next privilege escalation policy draft

Adam Jackson ajax at redhat.com
Fri Feb 5 20:21:33 UTC 2010


On Thu, 2010-02-04 at 15:39 -0800, Adam Williamson wrote:
> On Thu, 2010-02-04 at 15:14 -0500, Adam Jackson wrote:
> > - Declaring "Read from system logs containing any information about user
> > activities" to be a privileged action, means that who(1) and last(1)
> > break, since utmp and wtmp are typically - intentionally - world
> > readable.  /var/log/ConsoleKit/history similarly.  I think this entire
> > rule is mostly subsumed under the "directly access or modify a file they
> > would usually be denied rights to" clause, though we'd probably also
> > want to define what kinds of log information are sensitive and what
> > aren't in that case, and enforce world-readability to match.
> 
> I don't understand much about utmp and wtmp, but if appropriate they
> could be specifically excepted from the policy. Ditto the ConsoleKit
> history. What's the rationale for these being world-readable?

Unix used to be a multiuser OS, apparently. ;)

- ajax
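The rule proposed in the quoted message (decide which logs are sensitive, then enforce world-readability to match) can be checked mechanically. The following is an added example, not part of the original thread: the classification table, the utmp/wtmp paths and the `/var/log/secure` entry are assumptions, and the demo audits a constructed temporary tree rather than the live system.

```python
import os
import stat
import tempfile

# Assumed classification (not from the thread). True = sensitive, must not be
# world-readable. False = public by design, must stay world-readable so that
# who(1) and last(1) keep working for unprivileged users.
POLICY = {
    "/var/run/utmp": False,
    "/var/log/wtmp": False,
    "/var/log/ConsoleKit/history": False,
    "/var/log/secure": True,
}

def audit(policy, root="/"):
    """Return (path, problem) pairs where the file mode disagrees with policy."""
    findings = []
    for path, sensitive in sorted(policy.items()):
        full = os.path.join(root, path.lstrip("/"))
        try:
            st = os.lstat(full)  # do not follow a symlink planted as the log
        except FileNotFoundError:
            findings.append((path, "missing"))
            continue
        if not stat.S_ISREG(st.st_mode):
            findings.append((path, "not a regular file"))
            continue
        world_readable = bool(st.st_mode & stat.S_IROTH)
        if sensitive and world_readable:
            findings.append((path, "sensitive but world-readable"))
        elif not sensitive and not world_readable:
            findings.append((path, "public but not world-readable"))
    return findings

def demo():
    """Build a constructed tree with two deliberate mismatches and audit it."""
    modes = {"/var/run/utmp": 0o664, "/var/log/wtmp": 0o600,
             "/var/log/ConsoleKit/history": 0o644, "/var/log/secure": 0o644}
    with tempfile.TemporaryDirectory() as root:
        for path, mode in modes.items():
            full = os.path.join(root, path.lstrip("/"))
            os.makedirs(os.path.dirname(full), exist_ok=True)
            open(full, "w").close()
            os.chmod(full, mode)
        return audit(POLICY, root)

if __name__ == "__main__":
    for path, problem in demo() or [("-", "no findings")]:
        print(f"{path}: {problem}")
```

Both directions are reported: a sensitive log that leaks to all users, and a public one locked down far enough to break unprivileged tools.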