lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <804dabb00812031622j45fbdc76u5832a469a8a1d82c@mail.gmail.com>
Date:	Thu, 4 Dec 2008 08:22:09 +0800
From:	"Peter Teoh" <htmldeveloper@...il.com>
To:	"Geoffrey McRae" <geoff@...idhost.com>
Cc:	"Miquel van Smoorenburg" <miquels@...tron.nl>,
	"Alan Cox" <alan@...rguk.ukuu.org.uk>,
	"Nick Andrew" <nick@...k-andrew.net>, linux-kernel@...r.kernel.org
Subject: Re: New Security Features, Please Comment

On Thu, Dec 4, 2008 at 8:00 AM, Geoffrey McRae <geoff@...idhost.com> wrote:
>
> The setuid/gid concept in linux is very limited, it would be nice to be
> able to grant programs limited use of setuid, and even go one step
> further, grant programs limited ability to set child uids.

Yes, there can be many other variation on what u have just said, eg,
adding conditions whereby the grant can be used, etc.   If u have a
chance to learn a little bit of SELinux, u will know the whole thing
can be very complex, especially the rules and policies configuration.
 It is a fine balance between overheads vs performance and usability.

>
> To be completly honest, this is the kind of functionallity I expected to
> already be there, and I was hopeing someone would tell me to RTFM on
> function X that already does this...
>

Yes, I am sure it exists...and more likely than not, it can be very
application specific, and therefore, will be done by the higher-end
application in userspace.

But looking beyond, is there any other OS that may have something
similar?  (Windows, or OpenBSD etc?)   Not sure for me.

-- 
Regards,
Peter Teoh

Ernest Hemingway - "Never mistake motion for action."
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ