More PATH fallout. Who decided this was a good idea?

Les Mikesell lesmikesell at gmail.com
Mon Dec 8 17:31:49 UTC 2008


Suren Karapetyan wrote:
> Steve Grubb wrote:
>
>> IOW, if we open the permissions, we need to make these become setuid root so 
>> that we send audit events saying they failed.
>>   
> No you don't, because you said yourself filesystem-level auditing is still
> done.
> So if someone tries to use usermod to modify /etc/passwd and hasn't the
> permissions it takes, it will be logged.
> usermod is just another tool to modify /etc/passwd, ...
> With exactly the same reasoning you could chmod 750 /bin/vi

And, of course, /bin/bash which is equally capable of modifying files.

-- 
   Les Mikesell
    lesmikesell at gmail.com



