More PATH fallout. Who decided this was a good idea?
Joe Nall
joe at nall.com
Sat Dec 6 17:58:11 UTC 2008
On Dec 6, 2008, at 11:52 AM, Steve Grubb wrote:
> On Saturday 06 December 2008 11:56:31 Jesse Keating wrote:
>> ordinary user cannot possibly use these tools since they do not
>> have the
>>
>>> requisite permissions.
>>
>> Now I'm confused. Why would the binary have to be suid?
>
> Because if they didn't type --help, we are going to have to log the
> attempted
> compromise. Sending an audit event requires CAP_AUDIT_WRITE. You
> have to be
> setuid root from the beginning or not at all.
Can't a non-root user audit now that we have file system capabilities?
joe
More information about the devel
mailing list