
Re: LSPP Requirement Specifically for Auditing



On Monday 03 October 2005 10:03, Stephen Smalley wrote:
> Have you considered moving the audit generation into a helper program to
> avoid having to directly make newrole suid (and to avoid having to
> directly allow newrole in policy to access the netlink audit socket)?

Newrole should be a small enough program that it can be analyzed for any
problems. Other programs that do this are also suid root:

[root discovery ~]# ls -l /usr/bin/newgrp
-rwsr-xr-x  1 root root 74458 Sep 27 04:14 /usr/bin/newgrp

Are you thinking of some problem that would prevent this?

I'm worried that the helper program approach could be easily abused.

-Steve

