On Wed, 30 May 2001 22:04:16 PDT, Chris Lundberg <clundberat_private> said:

> I was under the impression that a _security_ module was supposed to
> prevent people from doing bad and evil, not allow them to do new bad and
> evil. That is to say, if we are adding security hooks, then they
> shouldn't allow the user to do anything they couldn't before, but instead
> disallow them from doing bad things.

It's quite plausible that you would want to allow something to happen that couldn't before.

As a *2AM STRAW MAN*, consider xntpd. The only 2 things it needs root for are a bind() to port 123 and diddling with the system clock. Now, if you find a way to allow the xntpd binary to do those 2 things without root - you have allowed the user to do things they couldn't do before.

Now, of course, a *sane* security policy would have a clause "if running as user 'ntp' and the binary is /usr/sbin/xntpd and...". But it's still allowing something to happen as a user that didn't used to be allowable.

Heck, the entire P1003.1c/3e capabilities/ACL/etc thing is all about adding additional things to the set of things allowable to users (under controlled circumstances).

/Valdis

_______________________________________________
linux-security-module mailing list
linux-security-moduleat_private
http://mail.wirex.com/mailman/listinfo/linux-security-module

This archive was generated by hypermail 2b30 : Wed May 30 2001 - 22:48:29 PDT