Re: securing/monitoring Debian devel environment

To: Christian Kastner <debian@kvr.at>
Cc: debian-devel@lists.debian.org
Subject: Re: securing/monitoring Debian devel environment
From: Olaf van der Spek <olafvdspek@gmail.com>
Date: Fri, 31 Dec 2010 00:25:59 +0100
Message-id: <[🔎] AANLkTikH_RVdsJY+2_=LuT0qcqGGersg=ebnWV2-5pfE@mail.gmail.com>
In-reply-to: <[🔎] 4D1D0E7D.5030703@kvr.at>
References: <[🔎] 20101222161013.GD8747@onerussian.com> <[🔎] 4D1D0E7D.5030703@kvr.at>

On Thu, Dec 30, 2010 at 11:58 PM, Christian Kastner <debian@kvr.at> wrote:
> to package-build-audit *only* is a pain. For example, it is easy to
> monitor *all* access to /etc/shadow or changes to /bin/login, it is
> quite hard to limit the monitoring to a *process tree* (our building
> process).

Does the build process run as root? If so, I think it shouldn't. If
not, it can't read /etc/shadow.
About elevation via sudo: don't enable/use ssh/sudo/etc from the
account you use to build.

Olaf

Reply to:

References:
- securing/monitoring Debian devel environment
  - From: Yaroslav Halchenko <debian@onerussian.com>
- Re: securing/monitoring Debian devel environment
  - From: Christian Kastner <debian@kvr.at>

Prev by Date: Re: securing/monitoring Debian devel environment
Next by Date: Re: Static linking: pkgconfig vs libtool
Previous by thread: Re: securing/monitoring Debian devel environment
Next by thread: Bug#607821: ITP: haskell-strptime -- Haskell binding for strptime with some extra features
Index(es):
- Date
- Thread