[redhat-lspp] Re: MLS enforcing PTYs, sshd, and newrole

[Michael C Thompson]

Klaus Weidner wrote:
> Of course, people deploying a system that's based on the LSPP
> configuration can choose to deviate from the evaluated configuration
> based on their own risk assessment. This could include restoring general
> access to "newrole" if they don't consider the PTY exploit to be a
> concern.

And if you want polyinstation, then an suid newrole needs to be available :)