Bad file access on the rise
Lennart Poettering
mzerqung at 0pointer.de
Sun Jun 9 15:07:09 UTC 2013
On Fri, 07.06.13 15:35, Steve Grubb (sgrubb at redhat.com) wrote:
> On Friday, June 07, 2013 07:29:56 PM Matthew Garrett wrote:
> > On Fri, Jun 07, 2013 at 02:02:14PM -0400, Simo Sorce wrote:
> > > The point is that we are simply throwing ideas off the wall as an aid in
> > > finding a way to solve the issue for all.
> >
> > So why not add a mechanism to permit applications to indicate that
> > certain accesses they make should be ignored by audit?
>
> We've never needed an exception in the past. What I'm reporting is there is
> now a trend on the rise where apps are trying to open files that do not belong
> to them or open them not wanting the access time updated which attempts to
> bypass forensic time stamps.
This is hardly a "new trend" btw. PA has been doing this since about
forever and has been default since Fedora 8. Which is more than 5 years
ago.
Lennart
--
Lennart Poettering - Red Hat, Inc.