[redhat-lspp] Re: MLS enforcing PTYs, sshd, and newrole
Michael C Thompson
thompsmc at us.ibm.com
Thu Oct 12 15:16:54 UTC 2006
Klaus Weidner wrote:
> Of course, people deploying a system that's based on the LSPP
> configuration can choose to deviate from the evaluated configuration
> based on their own risk assessment. This could include restoring general
> access to "newrole" if they don't consider the PTY exploit to be a
> concern.
And if you want polyinstation, then an suid newrole needs to be available :)
More information about the redhat-lspp
mailing list