Stephen and all,

On 2001-06-18 14:55:00 +0000, Stephen Smalley wrote:
>
> Since people seem to prefer purely restrictive hooks (and these are
> sufficient for SELinux), I've changed the authoritative hooks in our
> LSM patch to be purely restrictive.

I guess my only question is: Will "purely restrictive" hooks allow modules that allow non-root users to bind privileged ports, chroot, and possibly setuid/setgid?

In my mind, requiring root privileges for these (and many other) tasks is one of the fundamental flaws in Unix (it forces every Unix system to violate the principle of giving minimal permissions). An LSM that allows a specific trusted (defined as you see fit) application access to a specific subset of what are currently root-only services would seem to be a Good Thing.

Without looking too closely, this would seem to be a "permissive" operation, therefore requiring a "permissive" hook.

Please tell me I'm wrong!

Shane

_______________________________________________
linux-security-module mailing list
linux-security-moduleat_private
http://mail.wirex.com/mailman/listinfo/linux-security-module
This archive was generated by hypermail 2b30 : Tue Jun 19 2001 - 01:16:25 PDT