[BBLISA] Re: SELinux

Tom Metro tmetro+bblisa at vl.com
Thu Jan 24 18:55:55 EST 2008


Daniel Hagerty wrote:
>     Scott's real issue is that the exec*() system calls will happily
> execute things in situations he doesn't consider safe.  If you try to
> fix it somewhere else, you might reduce the problem footprint, but
> there will still be plenty of situations where user B can impersonate
> user A because of a mistake rooted in A's cron usage.
> 
>     Maybe SE-Linux has some story for this.

Scott has mentioned elsewhere that mounting the file system with
noexec was acceptable, but if that was not the case, I think SELinux[1]
or the equivalent would be the way to address this.

1. http://en.wikipedia.org/wiki/Selinux

  -Tom

-- 
Tom Metro
Venture Logic, Newton, MA, USA
"Enterprise solutions through open source."
Professional Profile: http://tmetro.venturelogic.com/



