[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Linux Virus



>>>>> "Ethan" == Ethan Benson <erbenson@alaska.net> writes:

    Ethan> sudo with an ALL=ALL entry is just as dangerous (more so
    Ethan> IMO, because it turns user passwords into multiple root
    Ethan> passwords) then su.

Hopefully one day you will be able to something like this:

Obtain a Kerberos ticket for root so you can su to root without a
password, but use kernel capabilities so only trusted processes (eg. a
trusted xterm session) have access to the ticket file.

Of course you have to remember not to run untrusted processes in the
trusted xterm session (and the attack Ethan describes is still
possible unless you protect the .* files too), but I think it is a lot
better then allowing all processes access.
-- 
Brian May <bam@debian.org>



Reply to: