On Tue, 30 Jun 1998 15:32:25 +0200 (MET DST), MOLNAR Ingo
<mingo@valerie.inf.elte.hu> said:
> of course we have to remove/reduce all code within the kernel that depends
> on uid==0, this is exactly what is happening right now.
> my point was, root might still have administrative powers, ...
I just don't like calling the administration account "root". If "root"
is the default user that init and all daemons inherit, then there's good
reason to use a different account for admin. After all, ...
>> One common way of managing the issue is to have an admin user who has
>> access to a specific subdirectory of the filesystem in which there
>> are separate copies of important binaries which are specifically
>> allowed to inherit all privileges
> yes, this is exactly what will happen.
... so we're agreeing that it's just a filesystem permissions thing, and
there's no uid given privilege by the kernel. One of the demands of
security is that we keep security domains as small as they need to be,
and there's no need to let init and friends into the same security
domain (ie. uid) as the admin account.
--Stephen
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.rutgers.edu