* Stephen Frost ([EMAIL PROTECTED]) [051026 20:13]:
> * Thomas Bushnell BSG ([EMAIL PROTECTED]) wrote:
> > Stephen Frost <[EMAIL PROTECTED]> writes:
> > > Same way you know that the system administrator hasn't modified a file
> > > in /usr/bin.
> > 
> > Um, I know that by comparing the contents against a known-true
> > version.  How do I detect whether the system administrator has used a
> > UID?
> 
> Except last I checked, we don't do such comparison.  If you really
> wanted to know if the UID was used you could do a find /, etc.  Neither
> is necessary though, which is the point.
> 
> > Moreover, the consequences of getting the one wrong are that you
> > delete the sysadmin's changes.  The consequences of the other are an
> > important and difficult-to-detect security hole.
> 
> This is just patently false, as has been pointed out elsewhere.  What
> security hole, exactly, is created by orphaning a file?

Well, if some process (maybe within the package) creates a private log
file that contains sensitive information, and this log file can later on
be read by a process with far fewer privileges, this is usually
considered a security-relevant issue.


Cheers,
Andi
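
An added example, not part of the thread: a Python version of the "find /" check mentioned above, listing files whose owner UID has no passwd entry and marking owner-only regular files, which is the private-log case this message describes. The function names and the default /var/log root are assumptions of the example.

```python
import os
import pwd
import stat
import sys


def passwd_uids():
    """UIDs that currently have a passwd entry (local or NSS-enumerable)."""
    return {entry.pw_uid for entry in pwd.getpwall()}


def find_orphans(root, known_uids):
    """Return entries under root owned by a UID absent from known_uids.

    Each result is (path, uid, mode, owner_only). owner_only marks regular
    files with no group/other permission bits: private today, but readable
    by whichever account is later assigned the same UID.
    """
    results = []
    # os.walk does not follow symlinked directories by default.
    for dirpath, dirnames, filenames in os.walk(root, onerror=lambda e: None):
        for name in dirnames + filenames:
            path = os.path.join(dirpath, name)
            try:
                st = os.lstat(path)  # lstat: inspect the link itself
            except OSError:
                continue  # vanished or unreadable entry; skip it
            if st.st_uid in known_uids:
                continue
            mode = stat.S_IMODE(st.st_mode)
            owner_only = stat.S_ISREG(st.st_mode) and (mode & 0o077) == 0
            results.append((path, st.st_uid, mode, owner_only))
    return sorted(results)


if __name__ == "__main__":
    # Assumed default root; pass another directory as the first argument.
    root = sys.argv[1] if len(sys.argv) > 1 else "/var/log"
    for path, uid, mode, owner_only in find_orphans(root, passwd_uids()):
        flag = "PRIVATE" if owner_only else "-"
        print(f"{uid}\t{mode:04o}\t{flag}\t{path}")
```

Run it before a UID is handed out again; entries flagged PRIVATE are the ones whose contents would change hands with the UID.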

