On Thu, Jan 24, 2008 at 04:42:11PM -0500, Daniel Hagerty wrote:
> Scott's real issue is that the exec*() system calls will happily
> execute things in situations he doesn't consider safe. If you try to
> fix it somewhere else, you might reduce the problem footprint, but
> there will still be plenty of situations where user B can impersonate
> user A because of a mistake rooted in A's cron usage.
>
> Maybe SE-Linux has some story for this.

Systrace can do all sorts of neat things in this area. It's like ACLs for syscalls.

http://www.citi.umich.edu/u/provos/systrace/

-b

--
the roots of education are bitter, but the fruit is sweet. <aristotle>
