On Sat, 2005-11-19 at 12:03 -0600, Les Mikesell wrote: > No, the worst case would be more like the bug affecting setuid > handling fixed in kernel 2.2.16. How many years did it take > to find that one? Once again, setuid _grants_ privilege! Please think that through! If you disable setuid, you _increase_ security, because you _remove_ access. You don't _remove_ access when you disable SELinux. Just like you don't _remove_ access when you disable NetFilter. ;-> -- Bryan J. Smith b.j.smith@xxxxxxxx http://thebs413.blogspot.com ------------------------------------------------------------------- For everything else *COUGH*commercials*COUGH* there's "ManningCard"
[OT][Practices] The Case for RBAC/MAC -- setuid _grants_ privilege
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
- Subject: [OT][Practices] The Case for RBAC/MAC -- setuid _grants_ privilege
- From: thebs413 at earthlink.net (Bryan J. Smith)
- Date: Sat Nov 19 18:19:08 2005
- In-reply-to: <1132423437.17431.35.camel@xxxxxxxxxxxxxxxxxxxxxxxxx>
- References: <20051118184150.44868.qmail@xxxxxxxxxxxxxxxxxxxxxxxxxxx> <1132404635.5155.18.camel@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx> <1132423437.17431.35.camel@xxxxxxxxxxxxxxxxxxxxxxxxx>
- References:
- [OT][Practices] The Case for RBAC/MAC
- From: Bryan J. Smith
- [OT][Practices] The Case for RBAC/MAC -- SELinux is like NetFilter (please read)
- From: Bryan J. Smith
- [OT][Practices] The Case for RBAC/MAC -- SELinux is like NetFilter (please read)
- From: Les Mikesell
- [OT][Practices] The Case for RBAC/MAC
- Prev by Date: [OT][Practices] The Case for RBAC/MAC -- SELinux is like NetFilter (please read)
- Next by Date: Bad disk?
- Previous by thread: [OT][Practices] The Case for RBAC/MAC -- SELinux is like NetFilter (please read)
- Next by thread: [OT][Practices] The Case for RBAC/MAC
- Index(es):
 |