Re: protecting /sbin and /usr/local/sbin
From: Matt Piechota (piechota@argolis.org)
Date: 09/13/01
- Next message: Gavin Grabias: "Log Files"
- Previous message: Peter Pentchev: "Re: Default user directory (adduser) filemode"
- In reply to: Kris Kennaway: "Re: protecting /sbin and /usr/local/sbin"
- Next in thread: louie miranda: "Re: protecting /sbin and /usr/local/sbin"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Thu, 13 Sep 2001 11:37:51 -0400 (EDT) From: Matt Piechota <piechota@argolis.org> To: Kris Kennaway <kris@obsecurity.org>
On Wed, 12 Sep 2001, Kris Kennaway wrote:
> You can do it, but if your system relies on non-root users executing
> these commands, bits will obviously fail. I think you're probably
> overreacting, though.
Plus, you're going to have to clamp down on compiling and such. Some one
could go find the source for whatever command and compile up their own
copy. Of course they could compile their own binary somewhere else and
transfer it over as well. You could make it harder for them, but you're
not going to be able to stop them from running the commands in question.
-- Matt Piechota Finger piechota@emailempire.com for PGP key AOL IM: cithaeron To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
- Next message: Gavin Grabias: "Log Files"
- Previous message: Peter Pentchev: "Re: Default user directory (adduser) filemode"
- In reply to: Kris Kennaway: "Re: protecting /sbin and /usr/local/sbin"
- Next in thread: louie miranda: "Re: protecting /sbin and /usr/local/sbin"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
