[913] in linux-security and linux-alert archive


Re: [linux-security] security idea

daemon@ATHENA.MIT.EDU (Wietse Venema)
Tue Jul 16 05:53:41 1996

From: wietse@wzv.win.tue.nl (Wietse Venema)
To: braam@maths.ox.ac.uk (Peter J. Braam)
Date: Tue, 16 Jul 96 8:57:58 MET DST
Cc: linux-security@tarsier.cv.nrao.edu
In-Reply-To: <Pine.LNX.3.91.960713125339.353A-100000@seal.stelias.com>; from "Peter J. Braam" at Jul 13, 96 12:54 pm

Peter J. Braam wrote:
> 
> I wonder if the following has been considered already.
> 
> Many security issues would be helped if there was one extra user which
> could su to any other user, but not to uid zero. Let's call this user
> "super".
> ...
> Programs running as super could mess up users' files, but not the "system"
> files owned by root, which strikes me as a definite advantage.

This idea, like the NFS uid=0 to nobody mapping, works on systems with
only one privileged account: everything in root's path is owned by root
and writable only by root. This idea offers little advantage on systems
where system programs and directories are owned by non-root accounts
and/or are group writable.

	Wietse
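
The precondition named in the reply above can be checked on a given host. The following is an added example, not part of the original message: it walks each directory in PATH and reports entries that an account other than root could modify. The function names and the default trusted uid of 0 are assumptions of this sketch.

```python
import os
import stat


def weaknesses(st, trusted_uid=0):
    """Return the reasons an inode is modifiable by someone other than trusted_uid."""
    reasons = []
    if st.st_uid != trusted_uid:
        reasons.append(f"owned by uid {st.st_uid}")
    if st.st_mode & stat.S_IWGRP:
        reasons.append(f"writable by gid {st.st_gid}")
    if st.st_mode & stat.S_IWOTH:
        reasons.append("world-writable")
    return reasons


def audit_path(path_value, trusted_uid=0):
    """Map each PATH directory or entry that fails the check to its reasons."""
    findings = {}
    for directory in path_value.split(os.pathsep):
        if not directory or not os.path.isdir(directory):
            continue
        # The directory itself matters: write access to it allows replacing entries.
        candidates = [directory] + [
            os.path.join(directory, name) for name in sorted(os.listdir(directory))
        ]
        for candidate in candidates:
            try:
                # Follow symlinks: the link target is what actually gets executed.
                st = os.stat(candidate)
            except OSError:
                continue  # dangling symlink or entry removed during the walk
            why = weaknesses(st, trusted_uid)
            if why:
                findings[candidate] = why
    return findings


if __name__ == "__main__":
    for path, why in audit_path(os.environ.get("PATH", "")).items():
        print(f"{path}: {', '.join(why)}")
```

An empty result means the host matches the "owned by root and writable only by root" case for the directories in PATH; parent directories of those paths are not examined here.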
