[rsbac] Trusted Path Execution and scripts

Jens Kasten jens at igraltist.dyndns.org
Sat Jul 22 12:40:11 CEST 2006


OK, for me, what standard Linux access control delivers is not the basis for 
saying whether it is a trusted_script or not.
I try to split the system into many different parts. So for the /etc/init.d 
scripts, the root user has no access to them, because they are of no use to him.
The rc-role system can only manage this, but nothing more.
For installing software it is the same thing: the root user has no access to the 
package database. For that, and only for that, the rc-role apt exists.
For everything there is a user with an rc-role with limited rights for his job.
That a file cannot be modified by any user other than root, and not read, as the 
way to describe a trusted script is for me old "thinking", because it comes from 
a time when nothing else existed.
Now my policy has the main say in what is trusted or not, and it depends on 
what I see as important or not.
If you don't use RSBAC, of course the root user is the man who has a free ticket 
on the system.

On Saturday 22 July 2006 11:23, tazok wrote:
> About the trusted scripts, one trusted script could be for example one
> of the /etc/init.d scripts, that is, one script that could not be
> modified by any user but me (TPE suggests that trusted binaries are
> those which reside in a directory owned by root and without writing
> privilege to the group owner and others), the idea is that only the
> scripts I say "trusted" (that is unmodified by a third party) could be
> run.
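
The directory rule quoted above for TPE (directory owned by root, not writable by group or others), as an added Python sketch that is not part of the original thread and is not RSBAC code. The names `tpe_trusted` and `demo`, the `trusted_uid` parameter and the temporary directories are assumptions made for the example; it only audits paths from user space and enforces nothing at exec time.

```python
import os
import stat
import tempfile


def tpe_trusted(path, trusted_uid=0):
    """Return (ok, reason): the directory holding `path` must be owned by
    trusted_uid and must not be writable by group or others."""
    real = os.path.realpath(path)      # resolve symlinks so a link cannot borrow trust
    parent = os.path.dirname(real)
    try:
        st = os.stat(parent)
    except OSError as exc:
        return False, f"cannot stat {parent}: {exc.strerror}"
    if st.st_uid != trusted_uid:
        return False, f"{parent} is owned by uid {st.st_uid}, not {trusted_uid}"
    if st.st_mode & (stat.S_IWGRP | stat.S_IWOTH):
        return False, f"{parent} is writable by group or others"
    return True, f"{parent} passes the directory rule"


def demo():
    """Audit scripts in constructed directories (sample data, not a real system)."""
    me = os.getuid()                   # stands in for root so the demo runs unprivileged
    results = {}
    with tempfile.TemporaryDirectory() as base:
        scripts = {}
        for name, mode in (("locked", 0o755), ("shared", 0o777)):
            d = os.path.join(base, name)
            os.mkdir(d)
            os.chmod(d, mode)          # chmod is not affected by the umask
            scripts[name] = os.path.join(d, "start.sh")
            with open(scripts[name], "w") as fh:
                fh.write("#!/bin/sh\necho ok\n")
            results[name] = tpe_trusted(scripts[name], trusted_uid=me)[0]
        # A symlink inside the locked directory that points into the shared one.
        link = os.path.join(base, "locked", "link.sh")
        os.symlink(scripts["shared"], link)
        results["link"] = tpe_trusted(link, trusted_uid=me)[0]
        # Same locked directory, but checked against a different trusted owner.
        results["wrong_owner"] = tpe_trusted(scripts["locked"], trusted_uid=me + 1)[0]
    return results


if __name__ == "__main__":
    for case, ok in demo().items():
        print(f"{case}: {'trusted' if ok else 'untrusted'}")
```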

