Help-gss Digest, Vol 6, Issue 1

Email lists > GNU Generic Security Service

Thread: Help-gss Digest, Vol 6, Issue 1

Search this list only Search all lists
Help-gss Digest, Vol 6, Issue 1
	2006-10-25 17:27:45

; Hello Simon,     I know that there are discussions in the Unix or POSIX community about retiring root and go to something with finer granularity as in the SELinux approach. In this vein, one idea I have been thinking about is for InitSecurityContext and AcceptSecurityContext calls ;reject these ;requests if the process is running with root's uuid.   Regards, Vasili Message: 2 Date: Wed, 25 Oct 2006 12:54:30 +0200 From: Simon Josefsson < jasextundo.com"> jasextundo.com> Subject: Re: security hole in GSS when running as root? To: "Galchin Vasili" < vigalchingmail.com">vigalchingmail.com> Cc: help-gssgnu.org"> help-gssgnu.org Message-ID: < 87iri8d5sp.fsflatte.josefsson.org">87iri8d5sp.fsflatte.josefsson.org> Content-Type: text/plain; charset=us-ascii "Galchin Vasili" < vigalchingmail.com"> vigalchingmail.com> writes: > Hello, >; > ;   If some GSS security mecahisms store information, like e.g. > credentials, in files, running as root a process can read these files and > then masquerade as others. Right. ; The Unix design has been to give "root" the ability to do anything on a system, including reading user's private credentials. There are few technical options that solve this completely, as far as I'm aware. Do you consider this an important problem?  If you have suggestions on solving it, I'd be happy to discuss them. /Simon ------------------------------ _______________________________________________ Help-gss mailing list Help-gssgnu.org">Help-gssgnu.org http://lists.gnu.org/mailman/listinfo/help-gss End of Help-gss Digest, Vol 6, Issue 1 **************************************

[1]

about | contact Other archives ( Real Estate discussion Medical topics )

Mailing lists