Hi there,
as Brad wrote in the ACL Documentation:
> Administrative programs such as shutdown or reboot should require
> authentication, instead of giving everyone the capabilities to run them.
Sorry for an eventually stupid question, but how can I do this?
I understand it like someone logged in as root, do "reboot" and then "grsec Password:" ... Am I right?
Or is this completely different and has nothing to do with the ACL subsystem?
ciao, Marc
Authentication for binaries
2 posts
• Page 1 of 1
Authentication for binaries
by hightower » Tue Aug 20, 2002 8:49 am
- hightower
- Posts: 49
- Joined: Wed Mar 06, 2002 11:36 am
by spender » Wed Aug 21, 2002 9:14 am
No, what I meant was that for your ACLs, it wouldn't be wise to grant
CAP_SYS_REBOOT to /sbin/shutdown. Because then the attacker logged in as
root can just execute that program, since it does what they want. What you
should do is give the capability to /sbin/shutdown, but make /sbin/shutdown
hidden to everyone, so what you do is use gradm -a to enter admin mode,
which allows you to view /sbin/shutdown, then you run it.
-Brad
CAP_SYS_REBOOT to /sbin/shutdown. Because then the attacker logged in as
root can just execute that program, since it does what they want. What you
should do is give the capability to /sbin/shutdown, but make /sbin/shutdown
hidden to everyone, so what you do is use gradm -a to enter admin mode,
which allows you to view /sbin/shutdown, then you run it.
-Brad
- spender
- Posts: 2185
- Joined: Wed Feb 20, 2002 8:00 pm
2 posts
• Page 1 of 1