Best way to gain root privileges

Alexander Kapps alex.kapps at web.de
Fri Feb 18 21:21:15 CET 2011


On 18.02.2011 15:22, Adam Skutt wrote:
> On Feb 18, 9:04 am, Ricardo Aráoz<ricar... at gmail.com>  wrote:
>
>> Many a time I have wanted to allow access to certain privileges to a user but *only*
>> through a program. As far as security is concerned it would be enough
>> that only root has permission to give the said program running
>> privileges (privileges different from those of the user that is actually
>> running it), that only allowed users may modify the program, and that
>> *other* users may only run it. This would address the issue of someone
>> modifying the program to gain access to it's privileges. Now, if someone
>> is able to gain illegal privileges to modify the program, then there
>> *is* a security hole and the program is not really the problem.
>
> sudo already does this to a limited degree.  If you want more
> granularity than sudo, you're looking at mandatory access controls.
>
> Adam


IIUC, than SELinux can also help, since it allows program-specific 
permissions. But I could easily be wrong here since I have yet to 
really learn SElinux.




More information about the Python-list mailing list