
Re: [Tiger-devel] Request reclassification of fsys004i?


From: Ryan Bradetich
Subject: Re: [Tiger-devel] Request reclassification of fsys004i?
Date: Thu, 08 Apr 2004 01:32:53 -0600

Hello Javi, et al.

> > Although I basically agree with you here, one of the reasons I would be 
> > careful when changing that to ALERT instead of INFO is that the setuid 
> > mappings for most systems are not up-to-date and, thus, accurate. This 
> > means that they cannot be trusted until tested and many of the checks 
> > (including the setuid check) might start to spit up errors because of 
> > out-of-date information.
> 
> That makes sense.  Right now these notices are being ignored by default,
> so they will probably never get updated :(  I still think that on a
> philosophical level an untracked suid / sgid file is an ALERT instead of
> an INFO (especially for root suid files).

I started working on trying to filter these messages when I realized I
was being dumb.  The tigerrc already has the capability to filter these
for us by simply disabling the file system scanning option.  Those that
care about these errors simply enable the appropriate file scanning
options.

I have generated a patch that implements this and it is available
here:

http://savannah.nongnu.org/patch/index.php?func=detailitem&item_id=2919


> > We could make it configurable whether to generate ALERT or INFO 
> > messages in this case (so that people who trust their system 
> > information can fine-tune this) but I would be hesitant to make a 
> > generic change since this would mean a lot of false positives for most 
> > systems.

I think the scanning checks should cover this nicely :)  I have included
an updated tigerrc in the above patch to maintain existing capabilities
(i.e. no suid, sgid, or world writable directory scanning).

Any issues with this method or the above patch?

Thanks!

- Ryan
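The patch itself is not reproduced in the archive. As an added example that is not part of this thread or of Tiger's own checks, the script below shows the distinction the thread argues about: a setuid/setgid file present in a known baseline is reported as INFO, an untracked one as ALERT. The baseline format (one absolute path per line) and the message tags are assumptions made here.

```sh
#!/bin/sh
# Classify setuid/setgid files under a tree against a baseline of expected
# paths: a listed file is reported as INFO, an untracked one as ALERT.
# The baseline format (one absolute path per line) and the message tags are
# assumptions for this example, not Tiger's own format or check.

# Print every setuid or setgid regular file under $1, sorted, one per line.
find_privileged() {
    find "$1" -xdev -type f \( -perm -4000 -o -perm -2000 \) -print | sort
}

# classify_privileged ROOT BASELINE
# Emit "INFO ..." for files present in BASELINE and "ALERT ..." otherwise.
classify_privileged() {
    find_privileged "$1" | while IFS= read -r path; do
        if grep -qxF -- "$path" "$2"; then
            printf 'INFO  tracked setuid/setgid file: %s\n' "$path"
        else
            printf 'ALERT untracked setuid/setgid file: %s\n' "$path"
        fi
    done
}

# Number of ALERT lines for ROOT/BASELINE (grep -c still prints 0 when
# nothing matches; the trailing || true only masks its non-zero status).
count_alerts() {
    classify_privileged "$1" "$2" | grep -c '^ALERT' || true
}

# Constructed demo: a throwaway tree with one tracked and one untracked
# privileged file plus an ordinary binary that must not be reported.
demo() {
    tmp=$(mktemp -d)
    mkdir -p "$tmp/bin" "$tmp/opt"
    : > "$tmp/bin/passwd"; chmod 4755 "$tmp/bin/passwd"   # setuid, tracked
    : > "$tmp/opt/helper"; chmod 2755 "$tmp/opt/helper"   # setgid, untracked
    : > "$tmp/bin/ls";     chmod 0755 "$tmp/bin/ls"       # plain, ignored
    printf '%s\n' "$tmp/bin/passwd" > "$tmp/baseline"
    classify_privileged "$tmp" "$tmp/baseline"
    echo "alerts: $(count_alerts "$tmp" "$tmp/baseline")"
    rm -rf "$tmp"
}

demo
```

An out-of-date baseline shows up exactly as the thread predicts: every legitimately added privileged binary lands in the ALERT bucket until the baseline is refreshed.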
