[Pm-utils] some simple patches from fedora

Victor Lowther victor.lowther at gmail.com
Wed Jan 30 07:24:40 PST 2008


On Jan 30, 2008 9:11 AM, Till Maas <opensource at till.name> wrote:
> On Wed January 30 2008, Stefan Seyfried wrote:
>
> > If somebody managed to get a symlink where the logfile should be, you are
> > fscked. So I think this is less secure.
>
> And what if somebody gets /usr/lib/pm-utils/bin/pm-action to be an arbitrary
> binary? Then you are fscked, too. I do not see the point, how changing the
> logfile is easier than changing any other component of pm-utils.

True.  The way to defend against these scenarios is to ensure that all
our files and directories are owned by and only writable by root.  If
an intruder already has root, pm-utils cannot defend against any
actions that user can take.

> Regards,
> Till
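The rule stated in the reply above (files and directories owned by root and writable only by root) can be checked mechanically. The following is an added example, not part of the original message and not pm-utils code; `check_path` and `audit_chain` are hypothetical helper names, and the logfile location is a placeholder because the thread does not give it.

```shell
#!/bin/sh
# Added example (not pm-utils code): audit a file and every parent directory.
# Typical use, as root:
#   audit_chain /usr/lib/pm-utils/bin/pm-action
#   audit_chain /path/to/pm-utils-logfile      # placeholder path

# check_path PATH [UID]: succeeds only if PATH exists, is not a symlink,
# is owned by UID (default 0, root) and is not group- or world-writable.
check_path() {
    cp_path=$1
    cp_uid=${2:-0}
    if [ -L "$cp_path" ]; then
        echo "FAIL $cp_path: is a symlink"; return 1
    fi
    if [ ! -e "$cp_path" ]; then
        echo "FAIL $cp_path: does not exist"; return 1
    fi
    cp_meta=$(ls -ldn -- "$cp_path")        # e.g. "-rw-r--r-- 1 0 0 ..."
    cp_mode=${cp_meta%% *}
    cp_owner=$(printf '%s\n' "$cp_meta" | awk '{ print $3 }')
    cp_rc=0
    if [ "$cp_owner" != "$cp_uid" ]; then
        echo "FAIL $cp_path: owner uid $cp_owner, expected $cp_uid"; cp_rc=1
    fi
    case $cp_mode in      # 6th character of the mode string is group write
        ?????w*) echo "FAIL $cp_path: group-writable ($cp_mode)"; cp_rc=1 ;;
    esac
    case $cp_mode in      # 9th character is write permission for others
        ????????w*) echo "FAIL $cp_path: world-writable ($cp_mode)"; cp_rc=1 ;;
    esac
    return $cp_rc
}

# audit_chain PATH [UID] [TOP]: run check_path on PATH and on each parent
# directory up to TOP (default /). A writable parent lets a non-root user
# rename or replace the entry below it, so one failure fails the chain.
# Symlinked components are reported too; their targets are not followed.
audit_chain() {
    ac_path=$1
    ac_uid=${2:-0}
    ac_top=${3:-/}
    ac_rc=0
    while :; do
        check_path "$ac_path" "$ac_uid" || ac_rc=1
        case $ac_path in "$ac_top"|/|.) break ;; esac
        ac_path=$(dirname -- "$ac_path")
    done
    return $ac_rc
}
```

The check is deliberately conservative: a sticky, world-writable directory such as /tmp is reported as a failure, which is the desired result for a path that root-run scripts write to.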