Need some security advice for systemtap
David Smith
dsmith at redhat.com
Tue Jun 5 20:39:45 UTC 2007
Tomasz Chmielewski wrote:
> David Smith schrieb:
>
> (...)
>
>> Some basic ideas about how we can allow users without sudo access to
>> run "blessed" scripts/modules can be seen at
>> <http://sources.redhat.com/bugzilla/show_bug.cgi?id=4523>,
>>
>> So, I'm looking for thoughts, criticisms, pointers, etc. to do this in
>> a manner that won't allow a system to be easily compromised. We're
>> in the fairly early stages of this idea, and I'm looking for direction
>> before heading down the wrong road.
>
> Am I right? Is it security based on md5sum?
That was the basic idea. It would be easy enough to substitute a better
hash function - I'm guessing one of the shaXXXsum would be more robust.
--
David Smith
dsmith at redhat.com
Red Hat
http://www.redhat.com
256.217.0141 (direct)
256.837.0057 (fax)
More information about the Fedora-security-list
mailing list