Re: Linux Security: An Appeal

Alan Cox (alan@lxorguk.ukuu.org.uk)
Thu, 19 Dec 1996 18:29:20 +0000 (GMT)

Messages sorted by: [ date ][ thread ][ subject ][ author ]
Next message: Alan Cox: "Re: adding scsi devices"
Previous message: Alan Cox: "Re: 2.1.16 modules compile errors"
In reply to: riordan@math.umn.edu: "Re: Linux Security: An Appeal"
Next in thread: Kevin M. Bealer: "Re: Linux Security: An Appeal"

> True but it's not clear that that is a bad thing. If I hack my kernel
> so that user httpd can bind port 80 or that a mail reception agent can
> bind port 25 (so that they do not have to run as root) is it still
> Unix? If I then put this type of deviation from the standard unix set-
> up in a configuration file...

Anyone wanting to contribute an ipfw modification to allow you to set
permissions on firewall entries is asked to contribute. Its an idea
I've bounced around for ages but not found nice semantics for.

I'd also strongly suggest at looking at the POSIX.6 work which is designed
to cleanly handle issues like fine grained security. Remember however that
fine grained security can also simply mean lots of smaller leaks

Next message: Alan Cox: "Re: adding scsi devices"
Previous message: Alan Cox: "Re: 2.1.16 modules compile errors"
In reply to: riordan@math.umn.edu: "Re: Linux Security: An Appeal"
Next in thread: Kevin M. Bealer: "Re: Linux Security: An Appeal"