Re: direct access to devices


From: chief@quasisoft.com
Subject: Re: direct access to devices
Date: Mon, 09 Jul 2001 10:53:12 -0700

Next Article (by Author): Pay nothing for your conference calls! 8616 conferencing@hubang.com
Previous Article (by Author): To: rsbac@rsbac.org b.mesman@snow.nl (Ben Mesman)
Top of Thread: direct access to devices Arkady A Drovosekov
Articles sorted by: [Date] [Author] [Subject]


> Hi,
> did anybody make such thing: disabling direct access to devices (and i/o ports)
> for any processes (except may be init)? Like in system with raised
> securelevel. Any hints?

You can use roles or ACLs.  I find that ACLs are necessary in some instances, 
where roles are not effective.  Generally, roles are much easier to implement, 
though both may be necessary, especially with regard to blocking access to the 
superuser.

-- 

With best regards,

Douglas Ostling
chief@quasisoft.com
Q U A S I S O F T

 .-. "For dignity compos'd and high exploit... all was false and hollow."
 /V\ --Milton, Paradise Lost II
(/ \)
(   )
^^-^^


-
To unsubscribe from the rsbac list, send a mail to
majordomo@rsbac.org with
unsubscribe rsbac
as single line in the body.

Next Article (by Author): Pay nothing for your conference calls! 8616 conferencing@hubang.com
Previous Article (by Author): To: rsbac@rsbac.org b.mesman@snow.nl (Ben Mesman)
Top of Thread: direct access to devices Arkady A Drovosekov
Articles sorted by: [Date] [Author] [Subject]


Go to Compuniverse LWGate Home Page.