Usefulness of grsec ACL system for chroots

Discuss usability issues, general maintenance, and general support issues for a grsecurity-enabled system.

Do you run ACL enabled server?

Yes
5
63%
No
3
38%
ACL, well, not sure where he went....
0
No votes
 
Total votes : 8

Usefulness of grsec ACL system for chroots

Postby ummajera » Thu Jan 08, 2004 7:52 pm

Hi,

Is the ACL system any usefull for daemons that are ALL chainrooted?

That is, all the the publicaly accessible daemons are chrooted (apache, apache-ssl, postfix, and nsd [name server] ). The ACL system requires that root is essentially crippled which is no good for cron jobs (logrotate, etc..)

ALL of the chroot restrictions are on and daemons running non-root. Is there really any advantage running the ACL system?

- Adam

PS. Local users are 100% trusted :)
ummajera
 
Posts: 4
Joined: Tue Jun 03, 2003 7:09 pm

Postby Sleight of Mind » Fri Jan 09, 2004 5:30 am

Well, if local users are 100% trusted you don't really need ACL i guess. Just make sure to keep software running as root up to date, so nobody will gain shell on your box ;)
Sleight of Mind
 
Posts: 92
Joined: Tue Apr 08, 2003 10:41 am


Return to grsecurity support