Mailinglist Archive: opensuse-security (49 mails)

Re: [opensuse-security] Restrict ssh command execution
  • From: Boyan Tabakov <blade.alslayer@xxxxxxxxx>
  • Date: Mon, 18 Dec 2006 11:44:42 +0200
  • Message-id: <200612181144.47897.blade.alslayer@xxxxxxxxx>
On 18.12.2006 11:14, Crispin Cowan wrote:
> Boyan Tabakov wrote:
> > True! These techniques combined offer great flexibility that does not
> > sacrifice security. In my particular case, however, the command being
> > executed should not be subject to 'twisting' of its normal behavior.
> What is the command? Or is it privately developed? Or secret?
> If privately developed, you are assuming that your developers write
> perfect code.
> If it is just secret to not give attackers a head start, well, ok,
> because "security through obscurity", while lame, actually does work on
> an ad hoc one-shot basis. It just falls apart when scaled up to where
> everyone uses it.
> > Also,
> > AppArmor is not around when you don't have SuSE...
> AppArmor ports are available for Slackware, Ubuntu, Gentoo, and Pardus
> Linux. I would love to have ports & maintainers for other distros as
> well, precisely so that you can use AppArmor anywhere you want. Ports
> are especially needed for Debian proper (should be an easy port from
> Ubuntu or Gentoo) and Red Hat. Which distro were you needing it on?
> Crispin

Sorry... no - the command is not secret, nor private (security through
obscurity is something I try not to employ). I just asked the question in
general. In this specific case the command is 'svnserve -t -r /path/to/repo'
with the svnserve setuid to a user that has write access only to the
repository files and nowhere else. I see now that I should have said this in
the beginning, so that it could be taken into account. Yet again, I was
interested in a general solution that could help me elsewhere in the future.

About AppArmor... I do not have a particular distro in mind. I am currently
using SuSE. Although AppArmor might get ported for other distros too, I think
a good trick would be something that does not rely on much more than the
tools used for the immediate action (e.g. sshd and svnserve in my case).
That's why I prefer the authorized_keys one.

Thanks to both of you for giving me different perspectives. 'There is more than
one way to do it!'

Blade hails you...

Bury my dreams dig up my sorrows
Oh Lord why
The angels fall first?
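
The authorized_keys approach preferred in the message above only restricts a key if the entry carries a forced command and also switches off forwarding and pty allocation. The following is an added example, not code from the thread: a small auditor that parses the options field of authorized_keys entries and reports what is missing. The option names are those of the OpenSSH authorized_keys format (`restrict` was added in later OpenSSH releases than this 2006 message); the sample entries and key blobs are constructed placeholders.

```python
# Added example: audit authorized_keys entries for a forced command and lock-down options.
KEY_TYPES = ("ssh-", "ecdsa-", "sk-")   # an entry starting like this has no options field
LOCKDOWN = {"no-port-forwarding", "no-x11-forwarding", "no-agent-forwarding", "no-pty"}

def split_options(line):
    """Return (options dict, rest of entry); handles quoted values and \\" escapes."""
    if line.startswith(KEY_TYPES):
        return {}, line
    fields, cur, in_quote, i = [], "", False, 0
    while i < len(line):
        ch = line[i]
        if ch == "\\" and in_quote and line[i + 1:i + 2] == '"':
            cur += '"'          # escaped quote inside a quoted value
            i += 2
            continue
        if ch == '"':
            in_quote = not in_quote
        elif ch == "," and not in_quote:
            fields.append(cur)
            cur = ""
        elif ch in " \t" and not in_quote:
            break               # first unquoted whitespace ends the options field
        else:
            cur += ch
        i += 1
    fields.append(cur)
    opts = {}
    for field in fields:
        name, _, value = field.partition("=")
        opts[name.lower()] = value      # sshd treats option names case-insensitively
    return opts, line[i:].strip()

def audit(line):
    """Return a list of findings for one entry; an empty list means locked down."""
    opts, _ = split_options(line.strip())
    findings = []
    if not opts.get("command"):
        findings.append("no forced command: the client chooses what runs")
    if "restrict" in opts:
        reenabled = {"no-" + o for o in opts} & LOCKDOWN
        findings += ["re-enabled after restrict: " + o[3:] for o in sorted(reenabled)]
    else:
        findings += ["missing " + o for o in sorted(LOCKDOWN - set(opts))]
    return findings

# Constructed sample entries; key blobs are placeholders, not real keys.
SAMPLE = [
    'command="svnserve -t -r /path/to/repo",no-port-forwarding,no-agent-forwarding,'
    'no-X11-forwarding,no-pty ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAB dev1@example',
    'command="svnserve -t -r /path/to/repo" ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAB dev2@example',
    'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAB dev3@example',
]
```

Calling `audit(entry)` on each line of a real authorized_keys file (skipping blank and `#` lines) gives a per-key list of gaps; the second sample shows that a forced command alone still leaves forwarding and pty allocation open.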