What are these for?

Reindl Harald h.reindl at thelounge.net
Wed Nov 21 14:55:30 UTC 2012 


Am 21.11.2012 15:38, schrieb lee:
> Matthew Miller <mattdm at fedoraproject.org> writes:
>> Because the syslog interface isn't secure. 
> 
> How come?  Only root can read the logfile.

THE INTERFACE

it is not trustable which process generates / fakes a record
also you do not want all from /var/log/secure mixed in messages

>> That's a classic sysadmin's dilemma. It would be nice to have some good open
>> source processing, analysis, and correlation tools.
> 
> Since we don't have them, how useful is it?

useful enough because /var/log/secure is a more sensible
thing than "normal" messages from /var/log/messages

>>> Will it at least send me an email when something happens I should know
>>> about?
>>
>> You could configure it that way.
> 
> Is there some documentation about this?

man crontab
man grep
man echo

any output from a application / script started via crond
goes into a mail to root

> And how do you know or make sure that some software uses your password
> only for that?

if you do not trust the author do not use the software

but you refuse to understand the main difference having
things permanently running as root or only request root
pwd if it is really needed AND you can refuse to permit

> Users are not supposed to change it at all, not even with extra
> authentication.

so read manpages and restrict if things are allowed
the sudo way with users password and for the things
needing the root password: they CAN'T at all

> Then polkit doesn't do me any good.  Even if emacs and ls were using it,
> it would be very annoying having to enter a password all the time.

>> It wouldn't. In a GUI, polkit has a distinctive, separate dialog box it uses
>> to ask for authentication. It's absolutely true that spoofing this sort of
>> dialog is a concern.
> 
> So yes, it decreases security instead of increasing it.

NO how do you come to that conclusion?

it is about you if you enter root password in a
randomly popping up window

> What difference does it make which password is supplied when with the
> password things can be done that are relevant for security?  Why should
> I give my password again when I'm already logged in and the system knows
> who I am?

what about drive-by-attacks?
what about leave the room for a minute and forget lock the screen?
what about malware trying things with your current permissions

ANY security relevant task has to be confirmed with
a password independent if you are logged in or not

> The alternate implemantation is su.  It's much simpler and more secure
> already by being much simpler than polkit.  It's also much more
> efficient.  Polkit is insecure by design because it gets users used to
> enter their password everywhere.

users entering their password EVERWHERE have already lost
ANY security fight - sorry, but this argumentation is invalid
because ORDINARY user tasks do NOT request a password

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 261 bytes
Desc: OpenPGP digital signature
URL: <http://lists.fedoraproject.org/pipermail/users/attachments/20121121/86a39ab9/attachment.sig>

More information about the users mailing list