But, since this is a rarely used privilege, you can audit its use,
if it really matters to you. [For example, configure the system so
that the program which changes privileges refuses to do anything
until the dongle on the parallel port is properly seated, and the
logging host has responded with a properly signed response to the
notification message.]
On the other hand, note that such security measures are not without
their own risks. Fundamentally, each privilege has its own set of
risks, and even if an exploit doesn't give an attacker complete control
of the system, a partitioned privilege set opens up a whole new set of
exploits. [For example, given a certain level of access, you might be
able to arrange that any attempt at logging fails with a hard error...
Or consider the effect of raw socket access by a non-root user in a
supposedly secure LAN environment.]
-- Raul
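
An added sketch of the audit gate described in the message above (not code from the original post or from the kernel): a privilege-changing tool that refuses to act until a logging host has acknowledged the notification. Assumptions: an HMAC over a shared key stands in for the "properly signed response", the dongle check is omitted, and every name here (`change_privilege`, `log_host_ack`, the key) is hypothetical.

```python
import hashlib
import hmac
import os

# Constructed demo key; assumed to be shared by the tool and the logging host.
SHARED_KEY = b"constructed-demo-key"


def make_notification(user, privilege):
    """Notification sent to the logging host; the fresh nonce defeats replay."""
    return f"{os.urandom(16).hex()}|{user}|{privilege}"


def log_host_ack(notification, key=SHARED_KEY):
    """Hypothetical logging host: would record the event, then return a MAC."""
    return hmac.new(key, notification.encode(), hashlib.sha256).hexdigest()


def ack_is_valid(notification, ack, key=SHARED_KEY):
    """True only if ack is the hex MAC of exactly this notification."""
    try:
        received = bytes.fromhex(ack)
    except (TypeError, ValueError):
        return False  # malformed or missing acknowledgement
    expected = hmac.new(key, notification.encode(), hashlib.sha256).digest()
    return hmac.compare_digest(expected, received)


def change_privilege(user, privilege, send):
    """Fail closed: act only after the log host acknowledged this request.

    `send` is the transport to the logging host (assumed: takes the
    notification string, returns the acknowledgement string).
    """
    notification = make_notification(user, privilege)
    try:
        ack = send(notification)
    except OSError:
        return False  # logging host unreachable: refuse to proceed
    if not ack_is_valid(notification, ack):
        return False  # forged, replayed or corrupted acknowledgement
    # The actual privilege change would happen here.
    return True
```

Failing closed means that anyone able to make logging fail can also block the privilege change, which is the trade-off the second paragraph of the message points at.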