This raises another point of interest. Many applications do unexpected things, like accessing low (i.e. <1024) port numbers for no apperent reason, friend of mine mentioned this after playing with gnome/etc and seeing it try to bind all sorts of weird ports. Obviously if a system admin is loading things like NTP it is quite simple (well, it should be =) to modify system policies to allow a process/username/whatever to adjust the system time as needed. On the other hand When I see things like Gnome trying to grab <1024 ports I think it may be a good idea to block that type of access. Generally speaking any program that needs to do privileged thigns such as setting system time, binding to ports <1024, etc will be documented as needing such, and in any even you should have an error log to check when it doesn't work. Otherwise what is the point of having LSM at all if we start allowing apps full system access (i.e. root access as is currently implemented on most stock unix systems)? Kurt Seifried, kurtat_private A15B BEE5 B391 B9AD B0EF AEB0 AD63 0B4E AD56 E574 http://www.seifried.org/security/ _______________________________________________ linux-security-module mailing list linux-security-moduleat_private http://mail.wirex.com/mailman/listinfo/linux-security-module
This archive was generated by hypermail 2b30 : Fri Jan 25 2002 - 19:35:22 PST