Gentoo Archives: gentoo-hardened

From: "Javier J. Martínez Cabezón" <tazok.id0@×××××.com>
To: gentoo-hardened@l.g.o
Subject: Re: [gentoo-hardened] "How hard" is Linux kernel-side hardening?
Date: Sun, 20 Sep 2009 20:09:16
Message-Id: 897813410909201309ob64fa43q6f2982f2df5e44d9@mail.gmail.com
In Reply to: Re: [gentoo-hardened] "How hard" is Linux kernel-side hardening? by "Javier J. Martínez Cabezón"
> 2009/9/20, Javier J. Martínez Cabezón <tazok.id0@×××××.com>:
> > Another question that I think grsec lacks is the control of which
> > SETUID binary could change to which uid (for example, permit only
> > login to change to the uid 1000 and not 80), or forbid setuid if the
> > user does not authenticate itself against the kernel (with a password
> > in for example sshd, so remote exploits which affect privileged parts
> > of sshd only could change to uid 22 and not to root or those which
> > affect login could be controlled)

I was wrong here, as you can see here:
http://en.wikibooks.org/wiki/Grsecurity/Appendix/Subject_Attributes

Sorry for the mistake.

Replies

Subject Author
Re: [gentoo-hardened] "How hard" is Linux kernel-side hardening? Marco Venutti <veeenrg@×××××.com>