On Sat, 2008-12-06 at 10:12 -0800, Jesse Keating wrote: > On Sat, 2008-12-06 at 13:07 -0500, Steve Grubb wrote: > > Nope, we took the perms away. Problem solved. :) > > > > Er, you took the perms away from the one we ship, but not one that a > user can gather from the network, or copy in from elsewhere. Surely > you'd want to audit any attempt at these things, not just from root > level users? Furthermore, we're supposedly gaining security by preventing *unprivileged* user accounts from executing usermod, yet an ACTUAL compromised scenario, like oh say breaking into root with a privilege escalation vulnerability and modifying passwd and shadow directly with kernel syscalls, goes unaudited? Am I the only one who thinks this security model is mindbogglingly broken and nothing more than security masturbation? If you're not auditing at a lower level than executing /bin/usermod, you are DOING IT WRONG period.
Description: This is a digitally signed message part