On Thu, 24 Jan 2002 jmjonesat_private wrote:

> Wouldn't it be useful for a userspace application that is
> setuid root to be able to bypass the module's checks.

Useful for people who want to break into your systems, yes. One of the problems with existing Unix systems is that you only need to find a single setuid root program or root daemon that has a flaw, and you can take control of the entire system.

> Isn't setuid ROOT generally assumed to be a "non-restricted"
> condition?

By the Unix DAC logic, yes, although capabilities are a step toward partitioning up root privileges. That doesn't mean that you want to treat root specially in your security module.

> How does the new paradigm change that, specifically, and
> why SHOULD it do that?

That is up to the security module. I'd encourage you to read the intro to the SELinux paper from Freenix (http://www.nsa.gov/selinux/doc/freenix01/node1.html).

--
Stephen D. Smalley, NAI Labs
ssmalleyat_private