On Thu, Dec 30, 2010 at 11:58 PM, Christian Kastner <deb...@kvr.at> wrote: > to package-build-audit *only* is a pain. For example, it is easy to > monitor *all* access to /etc/shadow or changes to /bin/login, it is > quite hard to limit the monitoring to a *process tree* (our building > process).
Does the build process run as root? If so, I think it shouldn't. If not, it can't read /etc/shadow. About elevation via sudo: don't enable/use ssh/sudo/etc from the account you use to build. Olaf -- To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/aanlktikh_rvdsjy+2_=lut0qcqggersg=ebnwv2-5...@mail.gmail.com
