On Thu, 2002-07-04 at 21:09, Brian Hatch wrote:
>
> <snip>
>
> $ cat uid-granter.conf
> # invoking-program expected-user suid-to, ...
>
> /usr/sbin/sshd sshd *
> /usr/sbin/imapd imapd !root,*
> ...
>

This is remarkably similar to SELinux's Type Enforcement(tm) setup. Have a look, it probably accomplishes everything you're talking about. The apache/ssh/imap/etc. daemons have to be slightly modified to support the "Flask" extensions, but once they have been patched it works quite nicely. When not patched, they just aren't able to change "contexts".

http://www.nsa.gov/selinux
http://lsm.immunix.org/
This archive was generated by hypermail 2b30 : Fri Jul 05 2002 - 15:22:28 PDT