Best way to gain root privileges
Alexander Kapps
alex.kapps at web.de
Fri Feb 18 15:21:15 EST 2011
On 18.02.2011 15:22, Adam Skutt wrote:
> On Feb 18, 9:04 am, Ricardo Aráoz<ricar... at gmail.com> wrote:
>
>> Many a time I have wanted to allow access to certain privileges to a user but *only*
>> through a program. As far as security is concerned it would be enough
>> that only root has permission to give the said program running
>> privileges (privileges different from those of the user that is actually
>> running it), that only allowed users may modify the program, and that
>> *other* users may only run it. This would address the issue of someone
>> modifying the program to gain access to it's privileges. Now, if someone
>> is able to gain illegal privileges to modify the program, then there
>> *is* a security hole and the program is not really the problem.
>
> sudo already does this to a limited degree. If you want more
> granularity than sudo, you're looking at mandatory access controls.
>
> Adam
IIUC, than SELinux can also help, since it allows program-specific
permissions. But I could easily be wrong here since I have yet to
really learn SElinux.
More information about the Python-list
mailing list