Bug 333041
| Field | Value |
|---|---|
| Summary | Displays /var/log/audit on user desktop |
| Product | [Fedora] Fedora |
| Component | gnome-vfs2 |
| Version | rawhide |
| Status | CLOSED RAWHIDE |
| Severity | low |
| Priority | low |
| Hardware | All |
| OS | Linux |
| Reporter | Steve Grubb <sgrubb> |
| Assignee | Alexander Larsson <alexl> |
| QA Contact | Fedora Extras Quality Assurance <extras-qa> |
| CC | davidz |
| Fixed In Version | 2.20.0-2.fc8 |
| Doc Type | Bug Fix |
| Last Closed | 2007-10-16 15:30:37 UTC |
| Bug Blocks | 235703 |

Description
Steve Grubb
2007-10-15 19:10:09 UTC
I'm not sure this is a bug; if the user created /var/log/audit as a separate partition it will get shown in the UI like any other partition that a) is not in a FHS2.3 location; and b) is mounted. We could avoid showing partitions that are not readable for normal users but I think if the user went through the trouble of creating a partition he probably wants to see it too.

Reassigning to gnome-vfs2 since that is the component that decides what to show on your desktop. Adding myself as Cc for further discussion.

Thanks for moving this to the right component. :)

It is a bug. Suppose an admin creates this partition to follow Red Hat security guidelines. The partition can only be accessed by root and there are restrictions via selinux policy on the directory and its files. There are audit rules to look for anyone that may try to access or tamper with the audit logs. Meanwhile some unsuspecting user is given a fresh desktop to use and they see this icon for /var/log/audit. They will not be able to access it, they will trigger watches that the security officer will notice, and they only clicked on it because it was on their desktop and they wondered what it was. We need to remove temptation and also not advertise that the audit system is in use.

As for that standard quoted above, this should be added to it if no one has taken it to the standards group yet. Who would I need to talk to about getting this added to the standard? The audit logs are the storage place for all security relevant events and must be treated carefully.

Created attachment 228041: proposed patch

Steve, does this patch work for you?

Alex: We should probably rethink this when we switch to gvfs...

I've built gnome-vfs2 with this patch; you can get i686 and .src rpms here: http://people.freedesktop.org/~david/gnome-vfs2-ignore-var-log-audit/

Looks like an easy enough patch; should probably get this in F8.

Testing with the srpm shows that this fixes the problem. Thanks.

Building this fix into Rawhide: http://koji.fedoraproject.org/koji/taskinfo?taskID=198260
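The rule discussed in this bug (a mounted partition gets a desktop icon unless its mount point is on an ignore list that includes /var/log/audit), as an added C example; it is not the attached patch or gnome-vfs2 code. The ignore list, the function names and the sample mount table are assumptions constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Assumption for this example: FHS 2.3 locations plus the audit log
 * partition. This is not the list shipped in gnome-vfs2. */
static const char *const ignore_mountpoints[] = {
    "/", "/bin", "/boot", "/dev", "/etc", "/home", "/lib", "/media", "/mnt", "/opt",
    "/proc", "/root", "/sbin", "/srv", "/tmp", "/usr", "/var", "/var/log/audit", NULL
};

/* Return 1 if the mount point must not get a desktop icon. Exact match only,
 * after trailing slashes are dropped, so a prefix such as /var/log/audit-old
 * is not hidden by accident. */
int mount_is_hidden(const char *path)
{
    size_t len = strlen(path);
    while (len > 1 && path[len - 1] == '/')
        len--;
    for (int i = 0; ignore_mountpoints[i] != NULL; i++)
        if (strlen(ignore_mountpoints[i]) == len &&
            strncmp(ignore_mountpoints[i], path, len) == 0)
            return 1;
    return 0;
}

/* Count entries of an mtab-style table ("device mountpoint fstype ...") shown on the desktop. */
int count_visible_mounts(const char *table)
{
    int visible = 0;
    while (*table != '\0') {
        char line[512], path[256];
        size_t n = strcspn(table, "\n");
        snprintf(line, sizeof line, "%.*s", (int)n, table);
        /* Field 2 is the mount point; blank and comment lines are skipped. */
        if (line[0] != '#' && sscanf(line, "%*s %255s", path) == 1 &&
            !mount_is_hidden(path))
            visible++;
        table += n + (table[n] == '\n');
    }
    return visible;
}

/* Constructed sample table, not taken from a real host. */
static const char sample_mounts[] =
    "/dev/sda1 / ext3 rw 0 0\n/dev/sda2 /home ext3 rw 0 0\n"
    "/dev/sda3 /var/log/audit ext3 rw 0 0\n/dev/sdb1 /data ext3 rw 0 0\n";

int main(void)
{
    return count_visible_mounts(sample_mounts) == 1 ? 0 : 1;
}
```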