Vulnerability Development mailing list archives

Re: Ports 0-1023?

From: Clint Byrum <cbyrum () spamaps org>
Date: 05 Jul 2002 11:10:43 -0700

On Thu, 2002-07-04 at 21:09, Brian Hatch wrote:

<snip>


      $ cat uid-granter.conf
      # invoking-program   expected-user   suid-to, ...

      /usr/sbin/sshd       sshd            *
      /usr/sbin/imapd      imapd           !root,*
      ...


This is remarkably similar to SELinux's Type Enforcement(tm) setup. Have
a look, it probably accomplishes everything you're talking about. The
apache/ssh/imap/etc. daemons have to be slightly modified to support the
"Flask" extensions, but once they have been patched it works quite
nicely. When not patched, they just aren't able to change "contexts".

http://www.nsa.gov/selinux
http://lsm.immunix.org/

Current thread:

Re: Ports 0-1023?, (continued)
- - - Re: Ports 0-1023? gminick (Jul 04)
    - Re: Ports 0-1023? Bruno Morisson (Jul 04)
    - Re: Ports 0-1023? gminick (Jul 05)
    - Re: Ports 0-1023? George W. Capehart (Jul 05)
- Ports 0-1023? alex (Jul 04)
  - Re: Ports 0-1023? Michal Zalewski (Jul 04)
- Re: Ports 0-1023? Blue Boar (Jul 04)
  - Re: Ports 0-1023? Brian Hatch (Jul 04)
    - Re: Ports 0-1023? Blue Boar (Jul 04)
    - Re: Ports 0-1023? Brian Hatch (Jul 05)
    - Re: Ports 0-1023? Clint Byrum (Jul 05)
  - Re: Ports 0-1023? Robert Bihlmeyer (Jul 08)
    - Re: Ports 0-1023? Blue Boar (Jul 08)
    - Re: Ports 0-1023? Robert Bihlmeyer (Jul 08)
- RE: Ports 0-1023? Michael Wojcik (Jul 07)
- RE: Ports 0-1023? Dawes, Rogan (ZA - Johannesburg) (Jul 08)
- RE: Ports 0-1023? Dawes, Rogan (ZA - Johannesburg) (Jul 08)