Re: 2.5 ipsec user policies

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

Yes but what if there's a global BLOCK policy? The user can bypass this with his own policy, or am I missing something?

--Mika


David S. Miller wrote:

  From: Mika Penttilä <mika.penttila@kolumbus.fi>
  Date: Sun, 01 Jun 2003 12:01:40 +0300

It looks that ordinary users are capable of doing these, shouldn't this be restricted to root or something?

Not really.

Just as a user can do something like:

bash$ echo "my aol.com password is frob67bar" | mail linux-kernel@vger.kernel.org

he may also select his own socket local security policies.

What he may not do is control the security policies of other
users.





-
: send the line "unsubscribe linux-net" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
[Index of Archives]     [Netdev]     [Ethernet Bridging]     [Linux 802.1Q VLAN]     [Linux Wireless]     [Kernel Newbies]     [Security]     [Linux for Hams]     [Netfilter]     [Git]     [Bugtraq]     [Yosemite News and Information]     [MIPS Linux]     [ARM Linux]     [Linux RAID]     [Linux PCI]     [Linux Admin]     [Samba]

  Powered by Linux