On Wed, Apr 26, 2006 at 02:54:15PM -0400, Joshua Brindle wrote:
> Niels Provos wrote:
>
> That is fair. If no one involved considers systrace MAC then I'm less
> inclined to care about its availability, I'm still very concerned about
> privilege escalation and user interaction. I will not concede that this
> sort of activity (particularly the privilege escalation) is very dangerous.
>

Even if it's only allowed to root and/or systraced processes?

(let's remember that systrace is something that must be very selectively
enabled and that the privilege elevation thing is only available to root on
processes started with systrace)

--
Andrea Barisani <lcars@g.o> .*.
Gentoo Linux Infrastructure Developer V
( )
PGP-Key 0x864C9B9E http://dev.gentoo.org/~lcars/pubkey.asc ( )
0A76 074A 02CD E989 CE7F AC3F DA47 578E 864C 9B9E ^^_^^
"Pluralitas non est ponenda sine necessitate"
--
gentoo-hardened@g.o mailing list