> It would be better (in general) to remove root as a privileged user.
> Try
> http://www.rsbac.de/rsbac/
>
> for a possible implementation.
What about programs that do things like
if(geteuid)
{
printf("Your not root\n");
exit(-1);
}
That is one of the major problems with going a different model, your going
to break a lot of software. Perhaps a necessary breakage at some point.
But then again this goes against the whole UNIX ideology that root aka UID
0 is all powerful. I guess if the system needs to be that secure,
environmental measures need to be taken, like don't have it on publicly
accessable networks, or use secure methods of login access like ssh with
RSA authentication.
I guess it comes down to how much to you really care....
Aaron
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.rutgers.edu
Please read the FAQ at http://www.tux.org/lkml/