Re: Legitimate Question

From: Chris Wright (chrisat_private)
Date: Thu Jan 24 2002 - 13:10:24 PST

  • Next message: Chris Wright: "Re: Legitimate Question"

    * jmjonesat_private (jmjonesat_private) wrote:
    > 
    > Wouldn't it be useful for a userspace application that is
    > setuid root to be able to bypass the module's checks.  
    > Isn't setuid ROOT generally assumed to be a "non-restricted"
    > condition?
    
    Well, this is a policy choice.  In the case of the capability module,
    for example, setuid root does basically give you an unconstrained process.
    
    > How does the new paradigm change that, specifically, and 
    > why SHOULD it do that?
    
    The new paradigm allows you to know when a setuid program is being
    executed and make any policy choice you want about the credentials of
    the program.  if (full_moon && setuid) grant_full_priveleges; or
    whatever the policy may be ;-)
    
    thanks,
    -chris
    _______________________________________________
    linux-security-module mailing list
    linux-security-moduleat_private
    http://mail.wirex.com/mailman/listinfo/linux-security-module
    



    This archive was generated by hypermail 2b30 : Thu Jan 24 2002 - 13:05:23 PST