Bad file access on the rise

Doug Ledford dledford at
Sun Jun 9 00:28:48 UTC 2013

On 06/08/2013 02:35 PM, Adam Williamson wrote:
> On Sat, 2013-06-08 at 09:25 -0400, Steve Grubb wrote:
>> Its not quite like this. What I need is the OS to be well behaved under normal 
>> conditions so that when problems come along they are easily spotted. Fedora 
>> has been a fairly well behaved OS over the years. I have had to get a few apps 
>> fixed in the past and the maintainers have always been accommodating. But this 
>> time I am finding we have a serious problem worse than in the past.
> Well, you're defining something as 'bad behaviour' fairly arbitrarily -
> or at least controversially: not everyone agrees with your definition.

Speaking as a former sysadmin responsible for intrusion detection, this
is not a controversial definition at all (namely that anything that
creates audit events without a reasonably just cause is 'bad behavior').
 It is the only sane definition of 'bad behavior'.  Anything that makes
an admin go chasing ghosts for no good reason is most definitely 'bad
behavior', and every single audit event on a system must be identifiable
by the admins before you know your system is secure.

> Continuing to simply assert that the behaviour is bad is not driving the
> conversation forward, you're just repeating a position that others have
> already raised objections to. Those who are disputing your position are
> not saying 'this behaviour is not happening', they are saying 'we
> disagree with your definition of "bad behaviour"'.
> If it's not 'bad behaviour', the fact that it didn't happen before is
> fairly irrelevant. I could come up with any arbitrary 'test' for some
> action that Fedora 19 does that Fedora 18 does not; that doesn't mean I
> can then show up on the list waving my test results about and declaring
> that there's a problem. First there has to be solid agreement that I'm
> actually testing for something we shouldn't be doing.

More information about the devel mailing list