Vulnerability Development mailing list archives
Re: Ports 0-1023?
From: Clint Byrum <cbyrum () spamaps org>
Date: 05 Jul 2002 11:10:43 -0700
On Thu, 2002-07-04 at 21:09, Brian Hatch wrote:
<snip>
$ cat uid-granter.conf # invoking-program expected-user suid-to, ... /usr/sbin/sshd sshd * /usr/sbin/imapd imapd !root,* ...
This is remarkably similar to SELinux's Type Enforcement(tm) setup. Have a look, it probably accomplishes everything you're talking about. The apache/ssh/imap/etc. daemons have to be slightly modified to support the "Flask" extensions, but once they have been patched it works quite nicely. When not patched, they just aren't able to change "contexts". http://www.nsa.gov/selinux http://lsm.immunix.org/
Current thread:
- Re: Ports 0-1023?, (continued)
- Re: Ports 0-1023? gminick (Jul 04)
- Re: Ports 0-1023? Bruno Morisson (Jul 04)
- Re: Ports 0-1023? gminick (Jul 05)
- Re: Ports 0-1023? George W. Capehart (Jul 05)
- Re: Ports 0-1023? Michal Zalewski (Jul 04)
- Re: Ports 0-1023? Brian Hatch (Jul 04)
- Re: Ports 0-1023? Blue Boar (Jul 04)
- Re: Ports 0-1023? Brian Hatch (Jul 05)
- Re: Ports 0-1023? Clint Byrum (Jul 05)
- Re: Ports 0-1023? Blue Boar (Jul 08)
- Re: Ports 0-1023? Robert Bihlmeyer (Jul 08)