Re: Restricted Shells or Menu Based Shells

From: Derek D. Martin (ddm@mclinux.com)
Date: 02/28/02


Date: Thu, 28 Feb 2002 11:45:50 -0500
From: "Derek D. Martin" <ddm@mclinux.com>
To: focus-linux@securityfocus.com

Jeff Coy said:

> The reason people usually ignore this fact is in general, who cares.
> If you remove my permissions to a file I just upload my own file and use
> it instead.

If one is concerned enough about this happening, it's not that hard to
prevent it, depending on the circumstances.

> Sure, you can turn off my rcp, ftp, & scp, but then I can probably still
> just email myself the file. Sure you can turn off email attachments. There
> are other ways. You'd have to restrict me to my home directory *and* make
> it read-only for this to work. You'd also have to lock me out of /tmp,
> /var/tmp, ...

Well, as others have pointed out, restricted shells in general aren't
so hard to work around. I think the assumption here has to be that
either a) you're going to do lots of other things to help lock down the
system, or b) the users in question aren't terribly skilled.

However, one need not restrict your use of your home directory, other
than to make sure the filesystem where home directories live is
mounted noexec. Since this was posted on focus-linux, I think it's
safe to assume that anyone interested has the ability to mount
filesystems with the noexec option.

It's easy enough to limit access to /tmp and other tmp dirs by also
giving them the same permissions as the other files in my scheme:
owned by the untrusted group, and no group permissions. That keeps
the untrusted people out of /tmp. Do the same for other tmp dirs, if
you have them (they're symlinks on a lot of systems).

> There's no rule that states I have to run *your* copy except in the case of
> seteuid programs.

If you have an account on my system, and I don't want you to run
binaries on it, you won't, unless you can manage to get root access
(which is also a possibility if my system has vulnerabilities, but
really really hard if you're limited to an extremely restricted
environment). It's really only a matter of how much effort it is
worth to me to make sure you don't have that ability.

> Trusted groups are a good thing. Denied groups just make me a bit more
> creative, probably increasing my skill set along the way so that I become
> harder to notice.

Having a separate trusted group provides ZERO additional protection or
functionality to the method I outlined, if you're only worried about
one group of users who can all be put in the same group.

-- 
Derek Martin
Senior System Administrator
Mission Critical Linux
martin@MissionCriticalLinux.com
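Added example, not code from Derek's message or anyone else in the thread: a small POSIX sh audit for the two controls he describes (home filesystem mounted noexec; temp directories owned by the untrusted group with the group bits cleared). The group name `untrusted`, the sample fstab and the assumed /tmp state are constructed so it runs offline.

```shell
#!/bin/sh
# Added example, not part of the original thread. Offline audit helpers for
# the two controls discussed above: home directories mounted noexec, and temp
# directories owned by the untrusted group with the group bits cleared.
# UNTRUSTED_GROUP and the sample fstab / directory states are constructed.

UNTRUSTED_GROUP="untrusted"

# Constructed sample /etc/fstab (not from a real host): /home lacks noexec.
SAMPLE_FSTAB='/dev/sda1 / ext3 defaults 1 1
/dev/sda2 /home ext3 defaults,nosuid 1 2
/dev/sda3 /var ext3 defaults 1 2'

# fstab_has_opt MOUNTPOINT OPTION: reads fstab text from stdin; succeeds if
# the entry for MOUNTPOINT lists OPTION in its options field.
fstab_has_opt() {
    while read -r dev mnt fstype opts rest; do
        case $dev in ''|\#*) continue ;; esac      # skip blanks and comments
        [ "$mnt" = "$1" ] || continue
        case ",$opts," in *",$2,"*) return 0 ;; esac
    done
    return 1
}

# untrusted_locked_out GROUP MODE: given a directory's owning group and octal
# mode (e.g. 1707), succeeds if a member of UNTRUSTED_GROUP gets no access.
# The kernel applies the group bits, not the "other" bits, to group members,
# so group=untrusted with group bits 0 shuts them out while everyone else
# keeps the "other" permissions (1707 on /tmp still gives other users rwx).
untrusted_locked_out() {
    [ "$1" = "$UNTRUSTED_GROUP" ] || return 1
    gbits=$(printf '%s' "$2" | sed 's/.*\(.\).$/\1/')  # second-to-last digit
    [ "$gbits" = "0" ]
}

# audit_report: prints one OK/FAIL line per control.
audit_report() {
    if printf '%s\n' "$SAMPLE_FSTAB" | fstab_has_opt /home noexec; then
        echo "OK   /home mounted noexec"
    else
        echo "FAIL /home is not mounted noexec"
    fi
    # constructed current state of /tmp: root-owned, 1777 (the usual default)
    if untrusted_locked_out root 1777; then
        echo "OK   /tmp denies group $UNTRUSTED_GROUP"
    else
        echo "FAIL /tmp: needs 'chgrp $UNTRUSTED_GROUP /tmp; chmod 1707 /tmp'"
    fi
}

audit_report
```

On a real host, feed `/etc/fstab` to `fstab_has_opt` and the output of `stat -c '%G %a' /tmp` to `untrusted_locked_out`; remember that a running system also needs a remount (or reboot) for a new `noexec` entry to take effect.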


