Re: [gdm-list] Audit code for GDM
- From: Steve Grubb <sgrubb redhat com>
- To: "Ray Strode" <halfline gmail com>
- Cc: Gary Winiger <gww eng sun com>, gdm-list gnome org
- Subject: Re: [gdm-list] Audit code for GDM
- Date: Mon, 4 Feb 2008 18:11:08 -0500
On Monday 04 February 2008 17:53:31 Ray Strode wrote:
> Hi again,
>
> > > > I suspect that you might want to clean this code up a bit. It
> > > > might be nicer if it were making use of GObjects and subclassing
> > > > rather than #ifdef's. Not sure...
> > >
> > > Looking through the patch I think there are a few things we can do to
> > > clean things up a bit. I don't have time to do a run through right
> > > now though. I'll try to post some comments/patches early next week.
> >
> > So, I took your patch and wrapped it inside gobjects, so that it fits
> > in with the overall style of the rest of the code.
> >
> > Patch attached. I'd appreciate it you could review it and test it.
>
> I've put an updated patch up here:
>
> http://www.gnome.org/~halfline/gdm-audit.patch
>
> This patch addresses a few issues Brian found on IRC, and adds caching
> to the solaris auditing code so that getpwnam() doesn't get called
> several times.
From a quick read through it looks OK to me. I'll see if I can test it at some
point.
I've been looking at our new security requirements, there is a need to log
whoever issues the shutdown/reboot command for the system. Recently, I've
noticed in rawhide that you have to log out in order to issue shutdown. If
you log out, we can't tell who's issuing the shutdown since they are now
unauthenticated. :)
And, seems like we may need to audit a user's responce to a typical govt login
banner (this is a govt computer, use is subject to monitoring, blah blah
blah, do you accept these conditions). I'm not quite ready for this one, but
thought I'd just mention it.
-Steve
[
Date Prev][
Date Next] [
Thread Prev][
Thread Next]
[
Thread Index]
[
Date Index]
[
Author Index]
