Back in my VMS days (some time ago, anymore) we would deal with things
called "known images." Essentially, VMS maintained a central database of
executibles which would be run with enhanced privileges. It was your
typical opaque VMS thing behind fifteen layers of RMS stuff, but it worked,
and it had one distinct advantage: the system knew, at any time, what and
where *every* privileged executible was. No need for security scanners and
such, just ask.
To top it off, databases like this in VMS could be set up with all kinds of
ACL traps to raise hell every time somebody changes them.
The downside, of course, is that a lookup has to be performed for ever
exec() the system does.
jon
Jonathan Corbet, Eklektix, Inc.
corbet@eklektix.com
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.rutgers.edu
Please read the FAQ at http://www.tux.org/lkml/