On Monday 03 October 2005 10:03, Stephen Smalley wrote:
Have you considered moving the audit generation into a helper program
to
avoid having to directly make newrole suid (and to avoid having to
directly allow newrole in policy to access the netlink audit socket)?
Newrole should be a small enough program that it can be analyzed for any
problems. Other programs that do this are also suid root.:
[root@discovery ~]# ls -l /usr/bin/newgrp
-rwsr-xr-x 1 root root 74458 Sep 27 04:14 /usr/bin/newgrp
Are you thinking of some problem that would prevent this?
I'm worried that the helper program approach could be easily abused.
-Steve