[rsbac] ssh rc-role

Amon Ott ao at rsbac.org
Thu Aug 24 08:19:07 CEST 2006

On Mittwoch 23 August 2006 19:40, tazok wrote:
> The role_inherit_mixed_up I think is the behaviour by default in the
> RC model (as you can see in their documentation), and probably used
> for all login based programs.

The idea for login or sshd is to have one initial role with minimal 
rights and the forced role setting up_mixed (the default). When the 
program gets started, it has the initial role. Only after the setuid 
(which is controlled by RSBAC) the process gets the user's default 

If e.g. sshd gets hacked like it has been before, it either still runs 
with the initial role and has minimal rights, or tries to setuid, and 
that is restricted through AUTH (and optionally RC, ACL in RSBAC 
1.3). So the damage can be minimalized.

http://www.rsbac.org - GnuPG: 2048g/5DEAAA30 2002-10-22

More information about the rsbac mailing list