Re: Locking Down a Linux BoxFrom: ellipse (email@example.com)
- Previous message: Jose Nazario: "Re: About named port binding"
- In reply to: firstname.lastname@example.org: "Re: Locking Down a Linux Box"
- Next in thread: Scott Gifford: "Re: Locking Down a Linux Box"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Mon, 7 Jan 2002 08:39:21 -0700 (MST) From: ellipse <email@example.com> To: firstname.lastname@example.org
> True - look at the rootkits that include copies of pico.
Even without pico, vi, emacs, or cat for that matter, the only way to
ensure that a local user couldn't edit files would be to pull down the
source of a shell, remove the "echo" functionality, remove redirects, and
alter the ability of pipes to only permit piping between certain commands.
Of course, what you have left of UNIX, or an operating system for that
matter, is subject to anybody's wildest guess.