[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: LSPP Requirement Specifically for Auditing



On Monday 03 October 2005 10:38, Stephen Smalley wrote:
> It seems wrong to have to make a previously non-suid program suid just for
> the sake of adding audit functionality to it, thereby potentially exposing
> the system to greater risk because of the greater privilege with which the
> entire program code runs. 

What I was thinking of doing was to drop capabilities on startup and leave 
CAP_AUDIT_WRITE since that is all we are after. I see newrole uses pam and 
that swings in a lot of code. Still, it should be safe if we drop 
capabilities very early.

-Steve


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]