>2009/9/20, Javier J. Martínez Cabezón <tazok....@gmail.com>:
> Another question that I think grsec lacks is the control of which
> SETUID binary could change to which uid (for example, permit only
> login to change to the uid 1000 and not 80), or forbid setuid if the
> user does not authenticate itself against the kernel (with a password
> in for example sshd, so remote exploits which affect privileged parts
> of sshd only could change to uid 22 and not to root or those which
> affect login could be controlled)

I was wrong here, as you can see here:
http://en.wikibooks.org/wiki/Grsecurity/Appendix/Subject_Attributes

Sorry for the mistake.