Openwall Project   /home  Owl  JtR  Pro  crypt  pam_passwdqc  tcb  phpass  scanlogd  popa3d  msulogin  /  Linux  BIND  /  advisories  presentations  /  services  donations  /  wordlists  passwords  /  community  lists  wiki  CVSweb  mirrors  signatures
bringing security into open environments
 
This website is powered by Openwall GNU/*/Linux security-enhanced OS
[<prev] [next>] [<thread-prev] [month] [year] [list] 
Date: Mon, 25 Oct 2004 02:34:55 +0400
From: Solar Designer <solar@...nwall.com>
To: owl-users@...ts.openwall.com
Subject: Re: sudo: why not?

On Sun, Oct 24, 2004 at 06:45:26PM +0200, Nico -telmich- Schottelius wrote:
> The difference betwenn normal and rsbac systems:
> 
> - normal kernel doesn't check for setuid()s
> - normally only su itself checks for a correct password, it does not
>   check whether the user is allowed to start su
> - normally su allows _anybody_ to change to _anybody else's_ id, rsbac
>   only allows predefined changes

None of these have anything to do with the problem I've described.

-- 
Alexander Peslyak <solar at openwall.com>
GPG key ID: B35D3598  fp: 6429 0D7E F130 C13E C929  6447 73C3 A290 B35D 3598
http://www.openwall.com - bringing security into open computing environments

Hosted by DataForce ISP - Powered by Openwall GNU/*/Linux