Bad file access on the rise

Matthew Garrett mjg59 at srcf.ucam.org
Fri Jun 7 18:52:35 UTC 2013


On Fri, Jun 07, 2013 at 08:38:56PM +0200, Miloslav Trma─Ź wrote:
> On Fri, Jun 7, 2013 at 8:29 PM, Matthew Garrett <mjg59 at srcf.ucam.org> wrote:
> > So why not add a mechanism to permit applications to indicate that
> > certain accesses they make should be ignored by audit?
> 
> Because it would be primarily useful to the attackers' applications.
> Or am I missing something?  (BTW, audit already has something like
> "dontaudit" rules.  But it has limited information to work with.)

If the attacker has root then the attacker can just change the file 
permissions anyway?

-- 
Matthew Garrett | mjg59 at srcf.ucam.org


More information about the devel mailing list