On 18.02.2011 15:22, Adam Skutt wrote:
> On Feb 18, 9:04 am, Ricardo Aráoz <ricar...@gmail.com> wrote:
>
>> Many a time I have wanted to allow access to certain privileges to a user but
>> *only* through a program. As far as security is concerned it would be enough
>> that only root has permission to give the said program running
>> privileges (privileges different from those of the user that is actually
>> running it), that only allowed users may modify the program, and that
>> *other* users may only run it. This would address the issue of someone
>> modifying the program to gain access to its privileges. Now, if someone
>> is able to gain illegal privileges to modify the program, then there
>> *is* a security hole and the program is not really the problem.
>
> sudo already does this to a limited degree.  If you want more
> granularity than sudo, you're looking at mandatory access controls.
>
> Adam


IIUC, then SELinux can also help, since it allows program-specific permissions. But I could easily be wrong here since I have yet to really learn SELinux.

--
http://mail.python.org/mailman/listinfo/python-list
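
The condition from the first message (only allowed users may modify the program, everyone else may only run it) can be checked before the program is named in a sudo rule. The sketch below is an added example, not code from any poster in this thread; the function name and parameters are hypothetical, and it inspects only classic Unix owner and mode bits, not ACLs or SELinux policy.

```python
import os
import stat
import sys


def audit_write_access(program, allowed_uids=(0,), allowed_gids=()):
    """Return (path, problem) pairs for each way a user outside the allowed
    sets could modify or replace `program`. An empty list means none found.

    The program file and every ancestor directory are checked, because write
    access to a parent directory lets a user swap the file for another one.
    """
    findings = []
    current = os.path.realpath(program)  # audit the real file, not a symlink
    while True:
        st = os.stat(current)
        # In a sticky directory (e.g. /tmp) users cannot remove or rename
        # entries they do not own, so its write bits are not a replace risk.
        sticky = stat.S_ISDIR(st.st_mode) and bool(st.st_mode & stat.S_ISVTX)
        if st.st_uid not in allowed_uids:
            findings.append((current, f"owned by uid {st.st_uid}"))
        if (st.st_mode & stat.S_IWGRP and st.st_gid not in allowed_gids
                and not sticky):
            findings.append((current, f"writable by gid {st.st_gid}"))
        if st.st_mode & stat.S_IWOTH and not sticky:
            findings.append((current, "world-writable"))
        parent = os.path.dirname(current)
        if parent == current:  # reached the filesystem root
            break
        current = parent
    return findings


if __name__ == "__main__":
    # Demo target: the running interpreter, with root as the only allowed owner.
    target = sys.argv[1] if len(sys.argv) > 1 else sys.executable
    problems = audit_write_access(target)
    for path, why in problems:
        print(f"{path}: {why}")
    print("OK" if not problems else f"{len(problems)} finding(s)")
```
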
