Re: Ports 0-1023?

From: Clint Byrum (cbyrumat_private)
Date: Fri Jul 05 2002 - 11:10:43 PDT

Next message: silencedscreamat_private: "Google lists vulnerable sites."

Previous message: Charles 'core' Stevenson: "Re: Ports 0-1023?"
In reply to: Brian Hatch: "Re: Ports 0-1023?"
Next in thread: Robert Bihlmeyer: "Re: Ports 0-1023?"
Next in thread: Dawes, Rogan (ZA - Johannesburg): "RE: Ports 0-1023?"
Next in thread: gminick: "Re: Ports 0-1023?"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Thu, 2002-07-04 at 21:09, Brian Hatch wrote:
> 
> 
<snip>
> 
> 	$ cat uid-granter.conf
> 	# invoking-program   expected-user   suid-to, ...
> 
> 	/usr/sbin/sshd       sshd            *
> 	/usr/sbin/imapd      imapd           !root,*
> 	...
> 

This is remarkably similar to SELinux's Type Enforcement(tm) setup. Have
a look, it probably accomplishes everything you're talking about. The
apache/ssh/imap/etc. daemons have to be slightly modified to support the
"Flask" extensions, but once they have been patched it works quite
nicely. When not patched, they just aren't able to change "contexts".

http://www.nsa.gov/selinux
http://lsm.immunix.org/

Next message: silencedscreamat_private: "Google lists vulnerable sites."
Previous message: Charles 'core' Stevenson: "Re: Ports 0-1023?"
In reply to: Brian Hatch: "Re: Ports 0-1023?"
Next in thread: Robert Bihlmeyer: "Re: Ports 0-1023?"
Next in thread: Dawes, Rogan (ZA - Johannesburg): "RE: Ports 0-1023?"
Next in thread: gminick: "Re: Ports 0-1023?"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Fri Jul 05 2002 - 15:22:28 PDT