Mailinglist Archive: opensuse-security (49 mails)

< Previous Next >
Re: [opensuse-security] Restrict ssh command execution
  • From: Crispin Cowan <crispin@xxxxxxxxxx>
  • Date: Mon, 18 Dec 2006 01:14:34 -0800
  • Message-id: <45865BFA.5090707@xxxxxxxxxx>
Boyan Tabakov wrote:
> True! These techniques combined offer great flexibility that does not
> sacrifice security. In my particular case, however, the command being
> executed should not be subject to 'twisting' of its normal behavior.
What is the command? Or is it privately developed? Or secret?

If privately developed, you are assuming that your developers write
perfect code.

If it is just secret to not give attackers a head start, well, ok,
because "security through obscurity", while lame, actually does work on
an ad hoc one-shot basis. It just falls apart when scaled up to where
everyone uses it.

> Also,
> AppArmor is not around when you don't have SuSE...
>
AppArmor ports are available for Slackware, Ubuntu, Gentoo, and Pardus
Linux. I would love to have ports & maintainers for other distros as
well, precisely so that you can use AppArmor any where you want. Ports
are especially needed for Debian proper (should be an easy port from
Ubuntu or Gentoo) and Red Hat. Which distro were you needing it on?

Crispin

--
Crispin Cowan, Ph.D. http://crispincowan.com/~crispin/
Director of Software Engineering, Novell http://novell.com
Hacking is exploiting the gap between "intent" and "implementation"

---------------------------------------------------------------------
To unsubscribe, e-mail: opensuse-security+unsubscribe@xxxxxxxxxxxx
For additional commands, e-mail: opensuse-security+help@xxxxxxxxxxxx

< Previous Next >
Follow Ups