|
Message-ID: <20041022123237.GB1297@schottelius.org>
Date: Fri, 22 Oct 2004 14:32:37 +0200
From: Nico -telmich- Schottelius <nico-linux-owl@...ottelius.org>
To: owl-users@...ts.openwall.com
Subject: Re: sudo: why not?
Solar Designer [Wed, Oct 20, 2004 at 11:55:16PM +0400]:
> [su and sudo security problems]
Well, this is not a problem anymore, if you use enhanced
kernel security. For instance using RSBAC (www.rsbac.org)
one can define exaclty what program and which user may use
setuid from which uid to which uid.
In normal system status, no setuid() is allowed.
And yes, it's an external kernel patch, which is not in vanilla
Kernel. Though it's tested and stable.
Just wanted to tell you this possibility of hardening owl/
any distribution.
Nico
--
Keep it simple & stupid, use what's available.
Please use pgp encryption: 8D0E 27A4 is my id.
http://nico.schotteli.us | http://linux.schottelius.org
Content of type "application/pgp-signature" skipped
Powered by blists - more mailing lists
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.