Bug: Selecting GID for untrusted users

Discuss and suggest new grsecurity features

Bug: Selecting GID for untrusted users

Postby Tozz » Wed Nov 06, 2002 2:30 pm

Hello,

The feature: "[*] Trusted path execution' has a suboption called:
GID for untrusted users: (NEW) .

which bugs.

by default the GID is 1005. However, you can only add numbers to this value. You cannot remove the 1005.

(In the kernel configuration, make menuconfig).
Tozz
 
Posts: 4
Joined: Tue Oct 29, 2002 6:52 am

Postby spender » Wed Nov 06, 2002 2:35 pm

It's not a bug, that's simply the way it was designed. If you're using TPE you basically are choosing an untrusted group. You can then choose to put everyone else under a lesser restriction. If you want to have everyone under the lesser restriction, just make the GID something you won't ever use.

-Brad
spender
 
Posts: 2185
Joined: Wed Feb 20, 2002 8:00 pm


Return to grsecurity development