[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: auid



>so in the absence of SELinux (e.g. CAPP-only configuration), any uid 0 process
>can mutate its loginuid later to mask the original one,

Or it can delete the audit logs or re-write syslog or install a rootkit covering
everything up. The only defence against this kind of tampering is remote logging.

>and in the presence of SELinux, any program authorized for audit_control can 
>mutate its loginuid later (so a smaller exposure, but still a possibility).

So...why doesn't policy restrict this even further so that the 10 apps that need
to set this are the *only* ones that can do so?

The list is: login, sshd, vsftpd, postfix, procmail, cron, at, gdm, kdm, & xdm.

-Steve

__________________________________________________
Do You Yahoo!?
Tired of spam?  Yahoo! Mail has the best spam protection around 
http://mail.yahoo.com 


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]