Re: [CentOS] [OT][Practices] The Case for RBAC/MAC -- setuid _grants_ privilege

19 Nov 2005


      On Sat, 2005-11-19 at 12:03 -0600, Les Mikesell wrote:
...
No, the worst case would be more like the bug affecting setuid
handling fixed in kernel 2.2.16.  How many years did it take
to find that one?
Once again, setuid _grants_ privilege!  Please think that through!  If
you disable setuid, you _increase_ security, because you _remove_
access.
You don't _remove_ access when you disable SELinux.
Just like you don't _remove_ access when you disable NetFilter.  ;->
-- 
Bryan J. Smith   b.j.smith@ieee.org   http://thebs413.blogspot.com
-------------------------------------------------------------------
For everything else *COUGH*commercials*COUGH* there's "ManningCard"

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

2005

2004

Re: [CentOS] [OT][Practices] The Case for RBAC/MAC -- setuid _grants_ privilege