grsecurity forums


https://forums.grsecurity.net./

Permission elevation/issues through badly done acls

https://forums.grsecurity.net./viewtopic.php?f=3&t=322

Page 1 of 1

Permission elevation/issues through badly done acls

PostPosted: Fri Mar 07, 2003 12:35 pm
by ijuz
Hello,
I just wanted to know if the grsecurity acl's superseed any normal unix permissions, I don't think so, but I'm not entirely sure.
(I just would like to limit some applications, I would like to have the rest working like before)

with kind regards
Christian Leber

PostPosted: Fri Mar 07, 2003 3:25 pm
by spender
No, grsecurity does not override regular DAC permissions. There's several reasons for this: it removes the chance of the admin doing something stupid that would make his system worse off than it originally is, it removes the chance of their being a bug in such overriding code that would make the system worse off than it originally is, and also doing it the way grsecurity does it is according to DOD silver book specifications.

-Brad
All times are UTC - 5 hours [ DST ]
Page 1 of 1
Powered by phpBB® Forum Software © phpBB Group
https://www.phpbb.com/