Magic paths for service registration

Florian Weimer fweimer at
Wed Jun 12 14:16:44 UTC 2013

On 06/10/2013 10:10 AM, Florian Weimer wrote:
> I'm investigating things beyond SUID/SGID which are related to trust
> transitions and visible in the file system, mainly due to the use of
> magic paths.  I'm aiming for a fairly general concept of "trust
> transition", and I include altering browser actions when clicking on a
> hyperlink as far as they are influenced by file type registrations.
> Here's what I came up with so far.  I only include things that can
> somehow be hooked by packages, which rules out files such as
> /etc/inittdb and user crontabs.

I should have mentioned that I'm interested in feedback—does this make 
sense (as an extension of SUID/SGID auditing), and is this set of paths 
reasonably complete?

Florian Weimer / Red Hat Product Security Team

More information about the devel mailing list