[BBLISA] Appreciate the help...
Ben Eisenbraun
bene at klatsch.org
Thu Jan 24 19:07:59 EST 2008
On Thu, Jan 24, 2008 at 04:42:11PM -0500, Daniel Hagerty wrote:
> Scott's real issue is that the exec*() system calls will happily
> execute things in situations he doesn't consider safe. If you try to
> fix it somewhere else, you might reduce the problem footprint, but
> there will still be plenty of situations where user B can impersonate
> user A because of a mistake rooted in A's cron usage.
>
> Maybe SE-Linux has some story for this.
Systrace can do all sorts of things to neat things in this area. It's like
ACLs for syscalls.
http://www.citi.umich.edu/u/provos/systrace/
-b
--
the roots of education are bitter, but the fruit is sweet.
<aristotle>
More information about the bblisa
mailing list