Re: Legitimate Question

From: Kurt Seifried (listuserat_private)
Date: Fri Jan 25 2002 - 19:35:02 PST


    This raises another point of interest. Many applications do unexpected
    things, like accessing low (i.e. <1024) port numbers for no apparent reason;
    a friend of mine mentioned this after playing with gnome/etc and seeing it try
    to bind all sorts of weird ports. Obviously if a system admin is loading
    things like NTP it is quite simple (well, it should be =) to modify system
    policies to allow a process/username/whatever to adjust the system time as
    needed. On the other hand, when I see things like Gnome trying to grab <1024
    ports I think it may be a good idea to block that type of access. Generally
    speaking any program that needs to do privileged things such as setting
    system time, binding to ports <1024, etc will be documented as needing such,
    and in any event you should have an error log to check when it doesn't work.
    
    Otherwise what is the point of having LSM at all if we start allowing apps
    full system access (i.e. root access as is currently implemented on most
    stock unix systems)?
    
    Kurt Seifried, kurtat_private
    A15B BEE5 B391 B9AD B0EF
    AEB0 AD63 0B4E AD56 E574
    http://www.seifried.org/security/
    
    
    
    
    _______________________________________________
    linux-security-module mailing list
    linux-security-moduleat_private
    http://mail.wirex.com/mailman/listinfo/linux-security-module
    



    This archive was generated by hypermail 2b30 : Fri Jan 25 2002 - 19:35:22 PST