Re: securing/monitoring Debian devel environment
On Thu, Dec 30, 2010 at 11:58 PM, Christian Kastner <email@example.com> wrote:
> to package-build-audit *only* is a pain. For example, it is easy to
> monitor *all* access to /etc/shadow or changes to /bin/login, it is
> quite hard to limit the monitoring to a *process tree* (our building
Does the build process run as root? If so, I think it shouldn't. If
not, it can't read /etc/shadow.
About elevation via sudo: don't enable/use ssh/sudo/etc from the
account you use to build.