Henning Hucke wrote:
Which system is obviously marking such mails as SPAM and why!?
I have no idea :(
On Sat, 5 Aug 2006, Crispin Cowan wrote:
The protections offered by chroot are redundant with the protections offered by AppArmor.
Don't forget to mention that he should find all and every hard/soft link to the server and refer to the AppArmor profile (is this possible? Otherwise *copy* the Profile <shiver/>) for the case that a link instead of the "original" binary is used. <sigh/>
Well, no, that is not correct. AppArmor offers no protection for unconfined processes. You cannot force someone with an unconfined shell to only execute programs under an AppArmor profile, because they can just copy the program itself to another place and run it. If you want to defend your system against a shell user, you must confine their shell in the first place. If you have confined their shell, then you only give them execute permissions to the programs you want them to be able to execute, and under the policies you desire. You don't need to worry about strange aliases, because the confined shell has no permission to execute them anyway. Crispin -- Crispin Cowan, Ph.D. http://crispincowan.com/~crispin/ Director of Software Engineering, Novell http://novell.com Hack: adroit engineering solution to an unanticipated problem Hacker: one who is adroit at pounding round pegs into square holes