ssh -l root getting context staff_t is pointless

I read previous discussions about it here.  The argument IIRC is that
making the default context staff_t adds a little bit of security.

IMHO, it adds no security whatsoever, since
`ssh -l root hostname -t su -' gets you to sysadm_r without asking for
a password.  So how about changing the default policy such that ssh
selects sysadm_r by default, which should minimize the inconvenience
without really losing anything in terms of security?

-- 
Alexandre Oliva             http://www.ic.unicamp.br/~oliva/
Red Hat Compiler Engineer   aoliva@{redhat.com, gcc.gnu.org}
Free Software Evangelist  oliva@{lsd.ic.unicamp.br, gnu.org}
