Bhargava Shastry wrote:
> Another question: How does Tomoyo (v1.8/2.4) help defend against a malicious
> user with root privileges? For example, one can fake a different UID (using *su*)
> and obtain permissions associated with that UID.

The malicious user with root privileges will not need to fake a different UID
because the user already has permissions that the target UID can have.
The malicious user without root privileges will not be able to fake a different
UID because the user will not know the target user's password.

I couldn't understand what you want to do. But if what you want to do is to
restrict execution of the su command based on UID, you can do it like below.

  file execute /bin/su task.uid=0

allows execution of /bin/su by only the root user, and

  file execute /bin/su task.uid!=0

allows execution of /bin/su by only non-root users.

Please see http://tomoyo.sourceforge.jp/1.8/chapter-10.html for available conditions.
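
Added example (not part of the original message and not TOMOYO project code): a small audit script that lists, per domain, every "file execute /bin/su" entry and the task.uid condition attached to it, so entries with no UID restriction stand out. The sample policy text, the domain names and the function names are constructed for illustration; the parser is simplified and matches the exact pathname only (no patterns or path groups).

```python
import re

# Constructed sample in the style of a TOMOYO 1.8 domain policy (assumption, for illustration).
SAMPLE_POLICY = """\
<kernel> /usr/sbin/sshd /bin/bash
use_profile 3
file execute /bin/su task.uid=0
file read /etc/passwd

<kernel> /usr/sbin/crond /bin/sh
use_profile 3
file execute /bin/su

<kernel> /usr/bin/login /bin/bash
use_profile 3
file execute /bin/su task.uid!=0
file execute /bin/ls
"""

# Matches the two condition forms shown in the message: task.uid=N and task.uid!=N.
UID_COND = re.compile(r"^task\.uid(!?=)(\S+)$")


def audit_su_rules(policy_text, target="/bin/su"):
    """Return [(domain, uid_condition_or_None)] for each 'file execute <target>' entry."""
    findings, domain = [], None
    for raw in policy_text.splitlines():
        line = raw.strip()
        if line.startswith("<kernel>"):      # a domain header opens a new block
            domain = line
            continue
        fields = line.split()
        if len(fields) < 3 or fields[:2] != ["file", "execute"] or fields[2] != target:
            continue
        # Conditions follow the pathname as space-separated tokens.
        cond = next((f for f in fields[3:] if UID_COND.match(f)), None)
        findings.append((domain, cond))
    return findings


def unconditioned(findings):
    """Domains that may execute the target regardless of the caller's UID."""
    return [domain for domain, cond in findings if cond is None]


if __name__ == "__main__":
    for domain, cond in audit_su_rules(SAMPLE_POLICY):
        print(f"{domain}: {cond or 'NO task.uid condition'}")
```
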