
Re: Security patches



On Monday, 1 December 2003 15:56, Colin Walters wrote:
> On Sat, 2003-11-29 at 04:05, Martin Pitt wrote:
> 
> > - It needs an extra account ("security officer" with UID 400) which is
> >   a pretty bad idea IMHO. Since once you are SO (cracked/sniffed
> >   password etc.), you can alter anything which seems like a giant
> >   security risk to me.
> 
> If the password to any account that can become an administrator is
> cracked, you're generally screwed regardless of what access control
> framework you use (at least if the password is your only method of
> authentication).

This is why some systems, like RSBAC, support strong separation of duty for 
administration: If you hack a single admin account, it is still not 
sufficient to get full control.

Apart from that, you can limit the login paths for all accounts, e.g. only 
allow admin login from the local console.
 
> I gather grsec's admin password can be different from the user
> account's?  Even so, someone who's cracked your account could install a
> trojaned shell in your ~/bin or something, and sniff your admin
> password.

Supposing you have write access to the bin dirs and files or are allowed to 
execute anything which is not write protected. Cannot tell for grsecurity 
here, but this belongs to the standard RSBAC administration tasks.

Amon.
-- 
http://www.rsbac.org - GnuPG: 2048g/5DEAAA30 2002-10-22


