RE: Restricted Shells or Menu Based Shells

From: Hiemstra, Brenno (brenno.hiemstra@ignite.nl)
Date: 02/27/02


From: "Hiemstra, Brenno" <brenno.hiemstra@ignite.nl>
To: "'Jens Benecke'" <jens@jensbenecke.de>, Terrence Martin <twm139@its.to>
Date: Wed, 27 Feb 2002 07:33:35 +0100

All,

Little add-on to this grsecurity.net thingie...

You can also use the patch which combines the grsecurity.net
and lids patches in one main patch. Basically someone removed
the ACL part in the grsecurity.net patch and replaced it with the
ACL of lids.

http://roedie.falcon5.nl/downloads/lids/v2.4/linux-2.4.17-lids1.1.1pre5-grsecurity1.93a.2.patch.bz2

This is an experimental patch but it should run pretty stable.

Regards,

Brenno

Other resources:

www.lids.org

> You might also want to consider www.grsecurity.net. It's a kernel patch
> that allows you (among a lot of other interesting features) to (quote)
>
>
> "CONFIG_GRKERNSEC_TPE
>
> "If you say Y here, you will be able to choose a gid to add to
> the supplementary groups of users you want to mark as
> "untrusted." These users will not be able to execute any files
> that are not in root-owned directories writeable only by root.
> If the sysctl option is enabled, a sysctl option with name "tpe"
> is created."
>
> (unquote)
>
>
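The trusted-path rule in the quoted CONFIG_GRKERNSEC_TPE help text, modelled as an added example (not part of the original message and not grsecurity's own code) that can be used to audit which directories an "untrusted" user could still execute from. It assumes only the file's immediate parent directory is examined; the gid 1005 and the directory metadata are constructed sample values.

```python
import os
import stat
from types import SimpleNamespace

UNTRUSTED_GID = 1005  # constructed value: the gid chosen for "untrusted" users


def dir_is_trusted(st):
    """Root-owned and writable only by root (no group/other write bit)."""
    return st.st_uid == 0 and not (st.st_mode & (stat.S_IWGRP | stat.S_IWOTH))


def tpe_allows(path, user_gids, untrusted_gid=UNTRUSTED_GID, stat_fn=os.stat):
    """Return True if the quoted rule would let this user execute `path`.

    Assumption: only the file's immediate parent directory is examined.
    """
    if untrusted_gid not in user_gids:
        return True  # user is not marked untrusted, so the rule does not apply
    parent = os.path.dirname(os.path.abspath(path)) or "/"
    return dir_is_trusted(stat_fn(parent))


def audit_path(path_var, stat_fn=os.stat):
    """List PATH entries that an untrusted user could not execute from."""
    failing = []
    for d in path_var.split(os.pathsep):
        if not d:
            continue
        try:
            if not dir_is_trusted(stat_fn(d)):
                failing.append(d)
        except OSError:
            failing.append(d)  # missing or unreadable: treat as untrusted
    return failing


# Constructed directory metadata so the example runs without root.
FAKE_DIRS = {
    "/usr/bin": SimpleNamespace(st_uid=0, st_mode=0o040755),
    "/tmp": SimpleNamespace(st_uid=0, st_mode=0o041777),
    "/home/alice/bin": SimpleNamespace(st_uid=1000, st_mode=0o040755),
    "/opt/shared": SimpleNamespace(st_uid=0, st_mode=0o040775),
}


def fake_stat(path):
    return FAKE_DIRS[path]
```

Calling `audit_path(os.environ["PATH"])` with the default `stat_fn` checks the real directories on a host.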