[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]

ssh -l root getting context staff_t is pointless

From: Alexandre Oliva <aoliva redhat com>
To: fedora-selinux-list redhat com
Subject: ssh -l root getting context staff_t is pointless
Date: 04 Apr 2004 04:05:45 -0300

I read previous discussions about it here.  The argument IIRC is that
making the default context staff_t adds a little bit of security.

IMHO, it adds no security whatsoever, since
`ssh -l root hostname -t su -' gets you to sysadm_r without asking for
a password.  So how about changing the default policy such that ssh
selects sysadm_r by default, which should minimize the inconvenience
without really losing anything in terms of security?

-- 
Alexandre Oliva             http://www.ic.unicamp.br/~oliva/
Red Hat Compiler Engineer   aoliva {redhat com, gcc.gnu.org}
Free Software Evangelist  oliva {lsd ic unicamp br, gnu.org}

Follow-Ups:
- Re: ssh -l root getting context staff_t is pointless
  - From: Stephen Smalley

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]