Re: Bits from the release team: the plans for etch
* Stephen Frost (firstname.lastname@example.org) [051026 20:13]:
> * Thomas Bushnell BSG (email@example.com) wrote:
> > Stephen Frost <firstname.lastname@example.org> writes:
> > > Same way you know that the system administrator hasn't modified a file
> > > in /usr/bin.
> > Um, I know that by comparing the contents against a known-true
> > version. How do I detect whether the system administrator has used a
> > UID?
> Except last I checked, we don't do such comparison. If you really
> wanted to know if the UID was used you could do a find /, etc. Neither
> is necessary though, which is the point.
> > Moreover, the consequences of getting the one wrong are that you
> > delete the sysadmin's changes. The consequences of the other are an
> > important and difficult-to-detect security hole.
> This is just patently false, as has been pointed out elsewhere. What
> security hole, exactly, is created by orphaning a file?
Well, if some process (maybe within the package) creates a private log
file that contains sensitive information, and this log file can later on
be read by a process with much less privileges, this is usually
considered as security relevant issue.