Re: Proposal "LUID"

From: allbery@kf8nh.apk.net
Date: Sun Apr 16 2000 - 14:20:00 EST


On 15 Apr, Jamie Lokier wrote:
+-----
| Linda Walsh wrote:
| > I'm not talking about limits. I'm talking about an
| > auditing ID that needs to be based on when a user logs in
| > and stays with them over any SUID or 'su' commands.
|
| "telnet localhost" subverts this if you allow it (but you probably wouldn't).
|
| This shows that you have to audit and possibly restrict all daemons that
| permit uid changes anyway.
|
| So why not just use the time-honoured "real user id"?
+--->8

I think you're misunderstanding; this is a "new idea" only for Linux.
LUIDs are part of CAPP, which used to be called "C2" security. IOW
it's an existing standard, and one that some places insist on.

-- 
brandon s. allbery	   os/2,linux,solaris,perl	allbery@kf8nh.apk.net
system administrator	   kthkrb,heimdal,gnome,rt	  allbery@ece.cmu.edu
carnegie mellon / electrical and computer engineering			kf8nh
    We are Linux. Resistance is an indication that you missed the point.

This archive was generated by hypermail 2b29 : Sun Apr 23 2000 - 21:00:09 EST