[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: LSPP Requirement Specifically for Auditing



On Mon, 2005-10-03 at 10:57 -0400, Steve Grubb wrote:
> On Monday 03 October 2005 10:38, Stephen Smalley wrote:
> > It seems wrong to have to make a previously non-suid program suid just for
> > the sake of adding audit functionality to it, thereby potentially exposing
> > the system to greater risk because of the greater privilege with which the
> > entire program code runs. 
> 
> What I was thinking of doing was to drop capabilities on startup and leave 
> CAP_AUDIT_WRITE since that is all we are after. I see newrole uses pam and 
> that swings in a lot of code. Still, it should be safe if we drop 
> capabilities very early.

Even better if we put newrole into its own domain in the targeted policy
and only allow it to use that capability in the policy.

-- 
Stephen Smalley
National Security Agency


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]