Re: wish list
>
> possibly group categorization for ping and su
> i.e. su is only able to be executed by a person in the group of "su"
> likewise for ping & traceroute and have that defined in the setup who
> would have access to that.. instead of a basic out-of-box install of just
> plain anyone who has an account on the box can use su, ping & traceroute.
>
There's one thing I definitely don't want to see in such "secure"
implementations of standard functions: That people reinvent the wheel.

I believe that the most interesting aspect of such a distribution is that
standard unix security problems could be circumvented by lowering the
required (temporary) privileges for certain services and thereby
increasing the overall security level of the system.

Example: apache needs to be started as root because it needs bind() on
port 80 (< 1024). It would be desirable that bind() on port 80 can not
only succeed for root but for userid wwwrun, too.
If you are able to argue that it is as difficult to become another user
as to become root, it is a win.

In other words: Don't think so "binary" as
"yes or no" or
"suser() or not".
Modularize!

If someone needs access to ping, give him group ping, chmod 6750 /bin/ping
and chgrp ping /bin/ping (and prolly chmod again...). This is rather old.
We need a fully transparent model to distribute access permissions on top
of the old one to preserve portability and compatibility.

No registry please.

Roman.
--
Roman Drahtmüller
CC University of Freiburg
email: draht@uni-freiburg.de

"You don't need eyes to see, you need vision."
 - Maxi Jazz, Faithless

Securedistros: A common list for all secured Linux distributions
Archive: http://humbolt.nl.linux.org/lists/
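
A defender-side check for the group-restricted set-id setup discussed in the message above, as an added example that is not part of the original post (the function names `has_perm`, `classify` and `audit` are hypothetical). It lists set-id binaries and marks which ones any account can execute versus those limited to a group, as with mode 6750:

```shell
#!/bin/sh
# Added example: classify set-id binaries by who may execute them.
# Function names are constructed for illustration.

# has_perm FILE MODE -> succeeds if every bit in MODE is set on FILE
has_perm() {
    [ -n "$(find "$1" -prune -perm "-$2" 2>/dev/null)" ]
}

# classify FILE -> prints one of:
#   no-setid          neither setuid nor setgid
#   world-exec        set-id and executable by any account (the out-of-box case)
#   group-restricted  set-id, executable by group but not by others (e.g. 6750)
#   owner-only        set-id, executable by the owner only
classify() {
    f=$1
    if ! has_perm "$f" 4000 && ! has_perm "$f" 2000; then
        echo no-setid
    elif has_perm "$f" 0001; then
        echo world-exec
    elif has_perm "$f" 0010; then
        echo group-restricted
    else
        echo owner-only
    fi
}

# audit DIR... -> one line per set-id regular file:
#   class <TAB> mode owner group <TAB> path
audit() {
    find "$@" -xdev -type f \( -perm -4000 -o -perm -2000 \) 2>/dev/null |
    while IFS= read -r f; do
        printf '%s\t%s\t%s\n' "$(classify "$f")" \
            "$(ls -ld "$f" | awk '{print $1, $3, $4}')" "$f"
    done
}

# Typical use: audit /bin /usr/bin /sbin /usr/sbin
```

Because chgrp may clear the set-id bits on some systems, running `classify` on the binary after the chmod/chgrp sequence confirms the final state is `group-restricted` rather than `no-setid`.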