Permission elevation/issues through badly done acls

Discuss usability issues, general maintenance, and general support issues for a grsecurity-enabled system.

Permission elevation/issues through badly done acls

Postby ijuz » Fri Mar 07, 2003 12:35 pm

Hello,
I just wanted to know if the grsecurity acl's superseed any normal unix permissions, I don't think so, but I'm not entirely sure.
(I just would like to limit some applications, I would like to have the rest working like before)

with kind regards
Christian Leber
ijuz
 
Posts: 1
Joined: Fri Mar 07, 2003 12:27 pm

Postby spender » Fri Mar 07, 2003 3:25 pm

No, grsecurity does not override regular DAC permissions. There's several reasons for this: it removes the chance of the admin doing something stupid that would make his system worse off than it originally is, it removes the chance of their being a bug in such overriding code that would make the system worse off than it originally is, and also doing it the way grsecurity does it is according to DOD silver book specifications.

-Brad
spender
 
Posts: 2185
Joined: Wed Feb 20, 2002 8:00 pm


Return to grsecurity support

cron