|
Firewall Wizards
mailing list archives
Re: chroot useful?
From: mcnabb () argus-systems com (Paul McNabb)
Date: Mon, 17 Nov 1997 13:54:26 -0600
From: Darren Reed <darrenr () cyber com au>
I think that the approach being described here is good for chroot'd
environments and maybe that's all. Out in the big bad world of Unix,
if I have "uid 0" and I can use cron/crontab, what does it matter if
I can or can't open /dev/kmem myself ? The cron daemon is not very
likely to have any restrictions placed upon it and neither is there
any standard transferral of priviledges you (no longer) have.
If I could mention that yucky Orange Book for a second, were the
data labelled going into cron/crontab and those programs recognised
those labels, then perhaps the confinment would be worthwhile.
I would hope that any B-level system out there would extend the labeling
and privileges to the cron/at subsystem. All the ones I have seen do.
paul
---------------------------------------------------------
Paul McNabb Argus Systems Group, Inc.
Vice President and CTO 1809 Woodfield Drive
mcnabb () argus-systems com Savoy, IL 61874 USA
TEL 217-355-6308
FAX 217-355-1433 "Securing the Future"
---------------------------------------------------------
 By Date 
By Thread
Current thread:
- Re: chroot useful?, (continued)
Re: chroot useful? Anton J Aylward (Nov 17)
RE: chroot useful? Joseph Judge (Nov 17)
Re: chroot useful? Paul McNabb (Nov 17)
Re: chroot useful? Paul McNabb (Nov 17)
Re: chroot useful? Anton J Aylward (Nov 20)
|
Intro
