Next privilege escalation policy draft

Adam Jackson ajax at
Fri Feb 5 20:21:33 UTC 2010

On Thu, 2010-02-04 at 15:39 -0800, Adam Williamson wrote:
> On Thu, 2010-02-04 at 15:14 -0500, Adam Jackson wrote:
> > - Declaring "Read from system logs containing any information about user
> > activities" to be a privileged action, means that who(1) and last(1)
> > break, since utmp and wtmp are typically - intentionally - world
> > readable.  /var/log/ConsoleKit/history similarly.  I think this entire
> > rule is mostly subsumed under the "directly access or modify a file they
> > would usually be denied rights to" clause, though we'd probably also
> > want to define what kinds of log information are sensitive and what
> > aren't in that case, and enforce world-readability to match.
> I don't understand much about utmp and wtmp, but if appropriate they
> could be specifically excepted from the policy. Ditto the ConsoleKit
> history. What's the rationale for these being world-readable?

Unix used to be a multiuser OS, apparently. ;)

- ajax
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 198 bytes
Desc: This is a digitally signed message part
Url : 

More information about the devel mailing list