[CentOS] [OT][Practices] The Case for RBAC/MAC -- setuid _grants_ privilege
Bryan J. Smith
thebs413 at earthlink.net
Sat Nov 19 18:21:26 UTC 2005
On Sat, 2005-11-19 at 12:03 -0600, Les Mikesell wrote:
> No, the worst case would be more like the bug affecting setuid
> handling fixed in kernel 2.2.16. How many years did it take
> to find that one?
Once again, setuid _grants_ privilege! Please think that through! If
you disable setuid, you _increase_ security, because you _remove_
access.
You don't _remove_ access when you disable SELinux.
Just like you don't _remove_ access when you disable NetFilter. ;->
--
Bryan J. Smith b.j.smith at ieee.org http://thebs413.blogspot.com
-------------------------------------------------------------------
For everything else *COUGH*commercials*COUGH* there's "ManningCard"
More information about the CentOS
mailing list