Date: Fri, 22 Oct 2004 14:32:37 +0200
From: Nico -telmich- Schottelius <nico-linux-owl@...ottelius.org>
To: owl-users@...ts.openwall.com
Subject: Re: sudo: why not?

Solar Designer [Wed, Oct 20, 2004 at 11:55:16PM +0400]:
> [su and sudo security problems]

Well, this is not a problem anymore, if you use enhanced
kernel security. For instance using RSBAC (www.rsbac.org)
one can define exactly what program and which user may use
setuid from which uid to which uid.

In normal system status, no setuid() is allowed.

And yes, it's an external kernel patch, which is not in the vanilla
kernel. Though it's tested and stable.

Just wanted to tell you this possibility of hardening owl/
any distribution.

Nico

-- 
Keep it simple & stupid, use what's available.
Please use pgp encryption: 8D0E 27A4 is my id.
http://nico.schotteli.us | http://linux.schottelius.org
