> > No, but then you can hardly eliminate root can you? ;)
> That's what we did on Sidewinder. It's a liability in a highly secure
> system, not a benefit. Nobody, not even root, can bypass the
> mandatory aspects of the security mechanisms while the system is in
> normal operation and on the Net.
Oh, ok. I thought it wasn't possible.
I'm happy that root is just a name for uid 0, but what about
processes that need to be started at boot time? Will it be
possible to run these at boot time without an entry for root in
the password file, and without the setuid bits on executable
If it is, then this seems like a fine security measure for a
Martin Cooper http://www.foobar.co.uk/~mjc/ mjc @
Foobar Internet http://www.foobar.co.uk/ sales @
Phone: +44 (0)116 2330033 Fax: +44 (0)116 2330035
The Magazine Business Centre, Newarke Street, LEICESTER, LE1 5SS