Initial draft of privilege escalation policy
Steve Grubb
sgrubb at redhat.com
Sat Jan 23 23:58:32 UTC 2010
On Wednesday 20 January 2010 01:50:21 pm Stephen John Smoogen wrote:
> >> * Write to system logs (with the exception that the 'cause to be
> >> performed' provision is waived in this case)
> >
> > Huh ? The mere fact of me logging in will cause system logs to be
> > written...
>
> You are not writing directly to /var/log/messages. You log in and
> login sends a message to syslogd which writes to the log.
Syslog has *no* integrity guarantees, only the audit logs do. Any user can run
the /usr/bin/logger program and flood syslog. You can also call openlog() and
tell it you are the kernel. Syslog is worthless from a security PoV.
-Steve
More information about the test
mailing list