On Fri, 25 Jan 2002 20:35:02 MST, Kurt Seifried said:

> ports I think it may be a good idea to block that type of access. Generally
> speaking any program that needs to do privileged things such as setting
> system time, binding to ports <1024, etc will be documented as needing such,
> and in any event you should have an error log to check when it doesn't work.

Well, the mainframe world has been doing this sort of compartmentalizing of privs for at least 20 years (when did RACF and Top Secret come out? I know IBM's VM picked up basic splitting of privs right off, and finer-grain control in the mid-80s - and MVS had been doing it for a long time already). I'd say it will take at least 3-5 years for the Linux world to start doing it as a matter of course.

--
Valdis Kletnieks
Computer Systems Senior Engineer
Virginia Tech
This archive was generated by hypermail 2b30 : Fri Jan 25 2002 - 19:42:32 PST