Hello Eric,
On Fri, 28 Jun 2019, Eric Biggers wrote:
In a datacenter like environment, this will protect the system from below
attacks:
1.Prevents attacker from deploying scripts that run arbitrary executables on the system.
2.Prevents physically present malicious admin to run arbitrary code on the
machine.
Regards,
Jaskaran
So you are trying to protect against people who already have a root shell?
Can't they just e.g. run /usr/bin/python and type in some Python code?
Or run /usr/bin/curl and upload all your secret data to their server.
- Eric
You are correct, it would not be feasible for a general purpose distro,
but for embedded systems and other cases where there is a more tightly
locked-down system.
Regards,
Jaskaran.
