>2009/9/20, Javier J. Martínez Cabezón <tazok.id0@...>:
> Another question that I think grsec lacks is the control of which
> SETUID binary could change to which uid (for example, permit only
> login to change to the uid 1000 and not 80), or forbid setuid if the
> user does not authenticate itself against the kernel (with a password
> in for example sshd, so remote exploits which affect priviledge parts
> of sshd only could change to uid 22 and not to root or those which
> affect login could be controlated)

I was wrong here as you can see here:
http://en.wikibooks.org/wiki/Grsecurity/Appendix/Subject_Attributes
Sorry by the mistake.