Mailinglist Archive: opensuse-security (605 mails)
| < Previous | Next > |
Re: [suse-security] restricting user commands
- From: Markus Gaugusch <markus@xxxxxxxxxxxxxxxx>
- Date: Mon, 1 Oct 2001 22:04:41 +0200 (CEST)
- Message-id: <Pine.LNX.4.40.0110012203490.7238-100000@xxxxxxxxxxxxxxxxxx>
> > That works, but it only stops honest users. A dishonest user
> > will just put equivalent commands in his/her own /bin directory
> > and ignore the fact that s/he is denied access to the ones
> > everyone else uses.
> This should be ommited by mounting the /home filesystem with the
> noexec flag.
As Kurt Seifried already said, it is not a 100% solution. noexec can be
circumvented, but for the first try it es not so bad.
Markus
--
_____________________________ /"\
Markus Gaugusch ICQ 11374583 \ / ASCII Ribbon Campaign
markus@xxxxxxxxxxxxxxxx X Against HTML Mail
/ \
> > will just put equivalent commands in his/her own /bin directory
> > and ignore the fact that s/he is denied access to the ones
> > everyone else uses.
> This should be ommited by mounting the /home filesystem with the
> noexec flag.
As Kurt Seifried already said, it is not a 100% solution. noexec can be
circumvented, but for the first try it es not so bad.
Markus
--
_____________________________ /"\
Markus Gaugusch ICQ 11374583 \ / ASCII Ribbon Campaign
markus@xxxxxxxxxxxxxxxx X Against HTML Mail
/ \
| < Previous | Next > |