More PATH fallout. Who decided this was a good idea?

Les Mikesell lesmikesell at gmail.com
Sun Dec 7 23:34:18 UTC 2008


Miloslav Trmač wrote:
> Jesse Keating wrote on Sun, 07. 12. 2008 at 15:05 -0800:
>> On Mon, 2008-12-08 at 10:03 +1100, Andrew Bartlett wrote:
>>> Perhaps I'm a bit slow this morning, but vipw is forbidden but
>>> vi /etc/passwd isn't?
>> I think he means "forbidden by policy" in which using anything /but/ the
>> audit-able tools is "forbidden by policy".  If you're expecting
>> everybody to follow policy, why not just set policy that says "don't
>> hack this box".  That'll work right?

> Violations of "don't hack this box" don't generate audit messages that
> can be manually examined for actual intrusions.  Violations of "don't
> access /etc/shadow manually" do.

Is attempting an access that the kernel routinely prevents considered a 
violation?  That is, if I type 'file /etc/*' on such a system should I 
expect the black helicopters to start firing?  I don't see how accesses 
that are denied matter to anyone - or why anyone running the 
shadow-tools utility without permission to access the relevant files 
should bother anyone either.

-- 
   Les Mikesell
    lesmikesell at gmail.com



