Re: direct access to devices

From: chief@quasisoft.com
Subject: Re: direct access to devices
Date: Mon, 09 Jul 2001 10:53:12 -0700

Next Article (by Date): Re: rsbac-v1.1.2-pre6 uploaded Amon Ott
Previous Article (by Date): rsbac-v1.1.2-pre6 uploaded Amon Ott
Top of Thread: direct access to devices Arkady A Drovosekov
Articles sorted by: [Date] [Author] [Subject]

> Hi,
> did anybody make such thing: disabling direct access to devices (and i/o ports)
> for any processes (except may be init)? Like in system with raised
> securelevel. Any hints?

You can use roles or ACLs.  I find that ACLs are necessary in some instances, 
where roles are not effective.  Generally, roles are much easier to implement, 
though both may be necessary, especially with regard to blocking access to the 
superuser.

-- 

With best regards,

Douglas Ostling
chief@quasisoft.com
Q U A S I S O F T

 .-. "For dignity compos'd and high exploit... all was false and hollow."
 /V\ --Milton, Paradise Lost II
(/ \)
(   )
^^-^^


-
To unsubscribe from the rsbac list, send a mail to
majordomo@rsbac.org with
unsubscribe rsbac
as single line in the body.

Next Article (by Date): Re: rsbac-v1.1.2-pre6 uploaded Amon Ott
Previous Article (by Date): rsbac-v1.1.2-pre6 uploaded Amon Ott
Top of Thread: direct access to devices Arkady A Drovosekov
Articles sorted by: [Date] [Author] [Subject]

Go to Compuniverse LWGate Home Page.