[rsbac] ssh rc-role
Amon Ott
ao at rsbac.org
Fri Aug 25 09:31:16 CEST 2006
On Thursday 24 August 2006 19:09, tazok wrote:
> 2006/8/24, Amon Ott <ao at rsbac.org>:
> > If you use passwords for ssh connection, e.g. also use RSBAC User
> > Management and only allow setuid to authenticated uids.
One more hint: RSBAC 1.3-pre optionally also checks all CHANGE_OWNER
for a PROCESS against the target USER. So you can combine this with
RC CHANGE_OWNER right to the user's type or ACLs on the target users.
In the end, your sshd can only setuid to authenticated users of
certain RC types or with a proper ACL entry for the process owner.
Amon.
--
http://www.rsbac.org - GnuPG: 2048g/5DEAAA30 2002-10-22