[$] Sticky groups in the shadows
Friday 14 May 2021, 17:58, by LWN.net
Group membership is normally used to grant access to some resource; examples might include using groups to control access to a shared directory, a printer, or the ability to use tools like sudo. It is possible, though, to use group membership to deny access to a resource instead, and some administrators make use of that feature. But groups only work as a negative credential if the user cannot shed them at will. Occasionally, some way to escape a group has turned up, resulting in vulnerabilities on systems where groups are used to block access. Despite fixes in the past, it turns out that there is still a potential problem with groups and user namespaces; this patch set from Giuseppe Scrivano seeks to mitigate it through the creation of "shadow" groups.
https://lwn.net/Articles/855943/rss