On Fri, 15 Sep 2006 15:36:49 EDT, Steve Grubb said:
> On Friday 15 September 2006 15:28, Stephen Smalley wrote:
> > Are you sure?  What do you want to audit?
> > newrole -r typoinrolename ?
> > newrole -r sysadm_r for user not authorized for that role?
> > any error exit path out of newrole?
> >
> > The first two cases look exactly identical to newrole btw - it just gets
> > an error from security_check_context() telling it that the context
> > wasn't valid, not why.
>
> I think we only need to say that the result was a failure. We do not need to
> say why it failed.

Does it make sense to just log what information we *do* know, and hope there's enough for a human to tell what happened? Or does this run into the same sort of data-disclosure issues that logging the userid on invalid password attempts has (namely, that if the user has gotten "out of sync", they may type their password in response to the Userid: prompt and cause it to be logged in cleartext). Or should security_check_context() return a more featureful return code in case of an error?
-- redhat-lspp mailing list [email protected] https://www.redhat.com/mailman/listinfo/redhat-lspp
