Re: [PATCH] unalias of ACL_SELECT_FOR_UPDATE

From Gregory Stark
Subject Re: [PATCH] unalias of ACL_SELECT_FOR_UPDATE
Date
Msg-id 87myab49ri.fsf@oxford.xeocode.com
In response to Re: [PATCH] unalias of ACL_SELECT_FOR_UPDATE  (Tom Lane <tgl@sss.pgh.pa.us>)
Responses Re: [PATCH] unalias of ACL_SELECT_FOR_UPDATE  (KaiGai Kohei <kaigai@ak.jp.nec.com>)
List pgsql-hackers
Tom Lane <tgl@sss.pgh.pa.us> writes:

> Greg Stark <stark@enterprisedb.com> writes:
>> I think we're talking at cross purposes here. I think Kai Gai's
>> descriptions make sense if you start with a different set of
>> assumptions. The idea behind SELinux is that each individual object is
>> access controlled and each user has credentials which grant access to
>> specific operations on specific objects. As I understand it part of
>> the goal is to eliminate situations where "setuid" or other forms of
>> privilege escalation is required.
>
> Well, if so, the idea is a miserable failure.  SELinux has just as many
> setuid programs as any other Unix, and absolutely zero hope of removing
> them.  I am not going to take the idea of "remove setuid" seriously when
> they haven't been able to accomplish it anywhere else.

But can you remove privileges from users to make these programs ineffective?
So even if you obtain root privileges you're missing the SE privilege which
the program expects to use?

--
  Gregory Stark
  EnterpriseDB          http://www.enterprisedb.com
  Ask me about EnterpriseDB's 24x7 Postgres support!

