[rsbac] Trusted Path Execution and scripts
jens at igraltist.dyndns.org
Sat Jul 22 12:40:11 CEST 2006
ok, for me is what a standard linux accescontroll deliver not the basic to say
if it a trusted_script or not.
i try to split the system in many differnt parts. so the /etc/init.d script
the root-user has no access to it, because no use for him.
the rc-role system only can manage this but nothing more.
for install software the same thing the root-user has no access to the
packages database. therefore exists and only for this the rc-role apt.
for every thing an user with rc-role with limit rights for his job.
that a file cannot modiefied by other user than root and not read, to describe
the trusted script is for me old "thinks", because it came form time where
nothing others exists.
now my policy make the main saying what is trusted or not and is depends on
what can i see important or not.
if you dont use rsbac of course the root-user is the man wich has a freeticket
on the system.
Am Samstag 22 Juli 2006 11:23 schrieb tazok:
> About the trusted scripts, one trusted script could be for example one
> of the /etc/init.d scripts, that is, one script that could not be
> modified by any user not me (the TPE suggest that a trusted binary is
> those which resides in a directory owned by root and without writing
> privilege to the group owner and others), the idea is that only the
> scripts I say "trusted" (that is unmodified by a third party) could be
More information about the rsbac