-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Fahad Sadah:
> Out of interest, how would these limited rights be implemented?
using a set of small, secure setuid programs i would write for the
purpose.
we can't use sudo because there's no way to say "allow this user to run
kill as root as long as
On Thu, Aug 27, 2009 at 11:54 AM, Merlijn van Deen wrote:
> I would not be too certain about that. For example, buffer overflows are
> generally only a security problem when they happen in suid-root programs -
> this is why programs designed to be suid root have thorough checks on such
> problems.
On Thu, August 27, 2009 4:23 pm, Aryeh Gregor wrote:
> But you're not going to get root access using shutdown or kill or
> /etc/init.d/apache.
I would not be too certain about that. For example, buffer overflows are
generally only a security problem when they happen in suid-root programs -
this is
On Thu, Aug 27, 2009 at 4:14 AM, Leszek Krupinski wrote:
> Daemon? Why not just sudo?
Or Solaris roles or whatever they're called, on the Solaris machines.
(Whatever it is pfexec does.) MySQL wouldn't even need that; just
assign the account the right to view process lists and kill processes.
On
On Thu, Aug 27, 2009 at 8:12 AM, River
Tarnell wrote:
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA1
>
> so, sometimes we've had problems with the Toolserver that required an
> admin, but an admin wasn't always around. some of these problems are
> complicated, but others are simple, and can be
2009/8/27 Henrik Hodne :
> On 27. aug. 2009, at 10.14, Leszek Krupinski wrote:
>
>> On Thu, Aug 27, 2009 at 10:06 AM, Henrik Hodne
>> wrote:
Out of interest, how would these limited rights be implemented?
>>>
>>> I would guess that the easiest way would be some kind of daemon
>>> running as r
On 27. aug. 2009, at 10.14, Leszek Krupinski wrote:
> On Thu, Aug 27, 2009 at 10:06 AM, Henrik Hodne
> wrote:
>>> Out of interest, how would these limited rights be implemented?
>>
>> I would guess that the easiest way would be some kind of daemon
>> running as root.
>
> Daemon? Why not just su
On Thu, Aug 27, 2009 at 10:06 AM, Henrik Hodne wrote:
>> Out of interest, how would these limited rights be implemented?
>
> I would guess that the easiest way would be some kind of daemon
> running as root.
Daemon? Why not just sudo?
--leafnode
___
To
On 27. aug. 2009, at 09.44, Fahad Sadah
wrote:
>> does this seem like something that would be helpful? and, if we
>> introduced it, would anyone be interested in such privileges? (we
>> would
>> probably require a good knowledge of Unix and at least some
>> experience
>> with system admin
> does this seem like something that would be helpful? and, if we
> introduced it, would anyone be interested in such privileges? (we would
> probably require a good knowledge of Unix and at least some experience
> with system administration.)
I am interested. I have plenty of experience with Un
10 matches
Mail list logo
