Mailinglist Archive: opensuse-security (49 mails)

Re: [opensuse-security] Restrict ssh command execution
  • From: Boyan Tabakov <blade.alslayer@xxxxxxxxx>
  • Date: Mon, 18 Dec 2006 11:44:42 +0200
  • Message-id: <200612181144.47897.blade.alslayer@xxxxxxxxx>
On 18.12.2006 11:14, Crispin Cowan wrote:
> Boyan Tabakov wrote:
> > True! These techniques combined offer great flexibility that does not
> > sacrifice security. In my particular case, however, the command being
> > executed should not be subject to 'twisting' of its normal behavior.
>
> What is the command? Or is it privately developed? Or secret?
>
> If privately developed, you are assuming that your developers write
> perfect code.
>
> If it is just secret to not give attackers a head start, well, ok,
> because "security through obscurity", while lame, actually does work on
> an ad hoc one-shot basis. It just falls apart when scaled up to where
> everyone uses it.
>
> > Also,
> > AppArmor is not around when you don't have SuSE...
>
> AppArmor ports are available for Slackware, Ubuntu, Gentoo, and Pardus
> Linux. I would love to have ports & maintainers for other distros as
> well, precisely so that you can use AppArmor anywhere you want. Ports
> are especially needed for Debian proper (should be an easy port from
> Ubuntu or Gentoo) and Red Hat. Which distro were you needing it on?
>
> Crispin

Sorry... no - the command is not secret, nor private (security through
obscurity is something I try not to employ). I just asked the question in
general. In this specific case the command is 'svnserve -t -r /path/to/repo'
with the svnserve setuid to a user that has write access only to the
repository files and nowhere else. I see now that I should have said this in
the beginning, so that it could be taken into account. Yet again, I was
interested in a general solution that could help me elsewhere in the future.

About AppArmor... I do not have a particular distro in mind. I am currently
using SuSE. Although AppArmor might get ported for other distros too, I think
a good trick would be something that does not rely on much more than the
tools used for the immediate action (e.g. sshd and svnserve in my case).
That's why I prefer the authorized_keys one.

Thanks to both of you for giving me different perspectives. 'There is more than
one way to do it!'

--
Blade hails you...

Bury my dreams dig up my sorrows
Oh Lord why
The angels fall first?
--Nightwish
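
Added example, not part of the original message or of OpenSSH: a small auditor for the authorized_keys approach discussed above. It checks that each key entry carries a forced command (here the svnserve invocation from the message) and the forwarding/pty restrictions. The sample entries, key blobs and user names are constructed placeholders.

```python
# Added example: audit authorized_keys entries for a forced command and restrictions.
KEY_TYPES = ("ssh-rsa", "ssh-dss", "ssh-ed25519", "ecdsa-sha2-", "sk-")
NEEDED = {"no-port-forwarding", "no-agent-forwarding", "no-x11-forwarding", "no-pty"}

def parse_entry(line):
    """Return (options dict, key type) for one authorized_keys key line."""
    line = line.strip()
    if line.startswith(KEY_TYPES):          # no options field at all
        return {}, line.split()[0]
    tokens, cur, in_quote, i = [], "", False, 0
    while i < len(line):
        c = line[i]
        if in_quote and c == "\\" and line[i + 1:i + 2] == '"':
            cur, i = cur + '"', i + 2       # escaped quote inside a quoted value
            continue
        if c == '"':
            in_quote = not in_quote
        elif c == "," and not in_quote:     # option separator
            tokens, cur = tokens + [cur], ""
        elif c in " \t" and not in_quote:   # unquoted whitespace ends the options
            break
        else:
            cur += c
        i += 1
    tokens.append(cur)
    opts = {}
    for tok in tokens:
        name, _, value = tok.partition("=")
        opts[name.lower()] = value or True  # option keywords are case-insensitive
    rest = line[i:].split()
    return opts, (rest[0] if rest else "")

def audit(line):
    """Return findings for one entry; an empty list means it is restricted."""
    opts, _ = parse_entry(line)
    findings = [] if "command" in opts else ["no forced command"]
    if "restrict" not in opts:              # 'restrict' (OpenSSH 7.2+) implies the rest
        findings += sorted("missing " + o for o in NEEDED if o not in opts)
    return findings

# Constructed sample entries; the key blobs are placeholders, not real keys.
SAMPLE = [
    'ssh-rsa AAAAB3NzaC1yc2E= dev1@example',
    'command="svnserve -t -r /path/to/repo" ssh-rsa AAAAB3NzaC1yc2E= dev2@example',
    'command="svnserve -t -r /path/to/repo",no-port-forwarding,no-agent-forwarding,no-X11-forwarding,no-pty ssh-rsa AAAAB3NzaC1yc2E= dev3@example',
]

if __name__ == "__main__":
    for entry in SAMPLE:
        print(parse_entry(entry)[0].get("command"), audit(entry))
```

Only the third sample entry passes: the second forces svnserve but still allows port, agent and X11 forwarding and pty allocation.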