[CentOS] [OT][Practices] The Case for RBAC/MAC -- setuid _grants_ privilege
Bryan J. Smith
thebs413 at earthlink.netSat Nov 19 18:21:26 UTC 2005
- Previous message: [CentOS] [OT][Practices] The Case for RBAC/MAC -- SELinux is like NetFilter (please read)
- Next message: [CentOS] [OT][Practices] The Case for RBAC/MAC
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
On Sat, 2005-11-19 at 12:03 -0600, Les Mikesell wrote: > No, the worst case would be more like the bug affecting setuid > handling fixed in kernel 2.2.16. How many years did it take > to find that one? Once again, setuid _grants_ privilege! Please think that through! If you disable setuid, you _increase_ security, because you _remove_ access. You don't _remove_ access when you disable SELinux. Just like you don't _remove_ access when you disable NetFilter. ;-> -- Bryan J. Smith b.j.smith at ieee.org http://thebs413.blogspot.com ------------------------------------------------------------------- For everything else *COUGH*commercials*COUGH* there's "ManningCard"
- Previous message: [CentOS] [OT][Practices] The Case for RBAC/MAC -- SELinux is like NetFilter (please read)
- Next message: [CentOS] [OT][Practices] The Case for RBAC/MAC
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
More information about the CentOS mailing list