Firewall Wizards mailing list archives

Re: chroot useful?


From: mcnabb () argus-systems com (Paul McNabb)
Date: Mon, 17 Nov 1997 13:54:26 -0600

 From: Darren Reed <darrenr () cyber com au>
 
 I think that the approach being described here is good for chroot'd
 environments and maybe that's all.  Out in the big bad world of Unix,
 if I have "uid 0" and I can use cron/crontab, what does it matter if
 I can or can't open /dev/kmem myself?  The cron daemon is not very
 likely to have any restrictions placed upon it and neither is there
 any standard transferral of privileges you (no longer) have.
 
 If I could mention that yucky Orange Book for a second, were the
 data labelled going into cron/crontab and those programs recognised
 those labels, then perhaps the confinement would be worthwhile.

I would hope that any B-level system out there would extend the labeling
and privileges to the cron/at subsystem.  All the ones I have seen do.

paul

---------------------------------------------------------
Paul McNabb                     Argus Systems Group, Inc.
Vice President and CTO          1809 Woodfield Drive
mcnabb () argus-systems com        Savoy, IL 61874 USA
TEL 217-355-6308
FAX 217-355-1433                "Securing the Future"
---------------------------------------------------------


