# The 'kerberosd' user may switch to 'kerberosd-exec' to run untrusted code. | |
20131:20138 | |
# The 'kerberosd-exec' user may not switch back to 'kerberosd' or anywhere else. | |
# Otherwise, compromised code could gain access to sensitive data like | |
# passwords or even switch to 'root'. | |
20138:20138 |