| 1 |
>2009/9/20, Javier J. Martínez Cabezón <tazok.id0@×××××.com>: |
| 2 |
> Another question that I think grsec lacks is the control of which |
| 3 |
> SETUID binary could change to which uid (for example, permit only |
| 4 |
> login to change to the uid 1000 and not 80), or forbid setuid if the |
| 5 |
> user does not authenticate itself against the kernel (with a password |
| 6 |
> in for example sshd, so remote exploits which affect priviledge parts |
| 7 |
> of sshd only could change to uid 22 and not to root or those which |
| 8 |
> affect login could be controlated) |
| 9 |
|
| 10 |
I was wrong here as you can see here: |
| 11 |
http://en.wikibooks.org/wiki/Grsecurity/Appendix/Subject_Attributes |
| 12 |
Sorry by the mistake. |
Archives