[grsec] Another ACL question

spender at grsecurity.net spender at grsecurity.net
Thu Dec 9 09:31:40 EST 2004


> There were a lot more commands exercised and there are other subjects in
> root.

If you cat the log file, you can see which application was running them.  
It was most likely a root-run cron script.  This kind of situation will 
be handled with the changes I'm making involving the learning 
configuration file, so that cron's accesses won't be placed into the 
normal usage of the root user.  This would involve doing learning with 
inheritance for cron.

> If I want a minimal root that is essentially like an ordinary user with a
> role_transition to admin, can I remove them from root or will that disable
> them completely for all users?  Or should they be moved to the default
> role - although there is only a housekeeping difference as far as I can
> see as they will still execute as root but under a default role.

Check what app is executing them, and set up inheritance rules, so that 
permission is granted only when that app executes them, not when a user 
in general executes them.

-Brad
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: Digital signature
Url : http://grsecurity.net/pipermail/grsecurity/attachments/20041209/7891e843/attachment.pgp


More information about the grsecurity mailing list