On Fri, 20 Oct 2006 17:00:28 +1000, Russell Coker said:
> On Thursday 19 October 2006 23:21, Daniel J Walsh <[EMAIL PROTECTED]> wrote:
> > If we then remove -l from newrole we are done?
>
> Why remove it? Why not just cease using it and leave it there for other
> people who have different needs?

I suspect that it wouldn't fly during an eval, because even if unused, it would be a possible avenue to bypass the eval'ed config. You'd probably have to add a flag of some sort someplace that said if it was permitted. (If done inside PAM, having the .so have an option 'allow-dash-l' and submitting for eval with it not present would probably be OK).
-- redhat-lspp mailing list [email protected] https://www.redhat.com/mailman/listinfo/redhat-lspp
