[CentOS] [OT][Practices] The Case for RBAC/MAC -- setuid _grants_ privilege

Bryan J. Smith thebs413 at earthlink.net
Sat Nov 19 18:21:26 UTC 2005

On Sat, 2005-11-19 at 12:03 -0600, Les Mikesell wrote:
> No, the worst case would be more like the bug affecting setuid
> handling fixed in kernel 2.2.16.  How many years did it take
> to find that one? 

Once again, setuid _grants_ privilege!  Please think that through!  If
you disable setuid, you _increase_ security, because you _remove_

You don't _remove_ access when you disable SELinux.
Just like you don't _remove_ access when you disable NetFilter.  ;->

Bryan J. Smith   b.j.smith at ieee.org   http://thebs413.blogspot.com
For everything else *COUGH*commercials*COUGH* there's "ManningCard"

More information about the CentOS mailing list