Daniel Hagerty wrote:
Scott's real issue is that the exec*() system calls will happily execute things in situations he doesn't consider safe. If you try to fix it somewhere else, you might reduce the problem footprint, but there will still be plenty of situations where user B can impersonate user A because of a mistake rooted in A's cron usage. Maybe SE-Linux has some story for this.
Scott has mentioned elsewhere that mounting the file system with noexec was acceptable, but if that was not the case, I think SELinux[1] or the equivalent would be the way to address this.

1. http://en.wikipedia.org/wiki/Selinux

-Tom

--
Tom Metro
Venture Logic, Newton, MA, USA
"Enterprise solutions through open source."
Professional Profile: http://tmetro.venturelogic.com/
