
Re: More PATH fallout. Who decided this was a good idea?



Suren Karapetyan wrote:
Steve Grubb wrote:

IOW, if we open the permissions, we need to make these become setuid root so that we send audit events saying they failed.
No you don't, cause you said yourself filesystem-level auditing is still
done.
So if someone tries to use usermod to modify /etc/passwd and hasn't the
permissions it takes, it will be logged.
usermod is just another tool to modify /etc/passwd, ...
With exactly the same reasoning You could chmod 750 /bin/vi

And, of course, /bin/bash which is equally capable of modifying files.

--
  Les Mikesell
   lesmikesell gmail com

