grsecurity forums


http://forums.grsecurity.net./

Usefulness of grsec ACL system for chroots

http://forums.grsecurity.net./viewtopic.php?f=3&t=661

Page 1 of 1

Usefulness of grsec ACL system for chroots

PostPosted: Thu Jan 08, 2004 7:52 pm
by ummajera
Hi,

Is the ACL system any usefull for daemons that are ALL chainrooted?

That is, all the the publicaly accessible daemons are chrooted (apache, apache-ssl, postfix, and nsd [name server] ). The ACL system requires that root is essentially crippled which is no good for cron jobs (logrotate, etc..)

ALL of the chroot restrictions are on and daemons running non-root. Is there really any advantage running the ACL system?

- Adam

PS. Local users are 100% trusted :)

PostPosted: Fri Jan 09, 2004 5:30 am
by Sleight of Mind
Well, if local users are 100% trusted you don't really need ACL i guess. Just make sure to keep software running as root up to date, so nobody will gain shell on your box ;)
All times are UTC - 5 hours [ DST ]
Page 1 of 1
Powered by phpBB® Forum Software © phpBB Group
https://www.phpbb.com/