1 |
>2009/9/20, Javier J. Martínez Cabezón <tazok.id0@×××××.com>: |
2 |
> Another question that I think grsec lacks is the control of which |
3 |
> SETUID binary could change to which uid (for example, permit only |
4 |
> login to change to the uid 1000 and not 80), or forbid setuid if the |
5 |
> user does not authenticate itself against the kernel (with a password |
6 |
> in for example sshd, so remote exploits which affect priviledge parts |
7 |
> of sshd only could change to uid 22 and not to root or those which |
8 |
> affect login could be controlated) |
9 |
|
10 |
I was wrong here as you can see here: |
11 |
http://en.wikibooks.org/wiki/Grsecurity/Appendix/Subject_Attributes |
12 |
Sorry by the mistake. |