Re: User?s and Shells

From: Nicole Nicholson (nanicholson@hotmail.com)
Date: 12/27/02

  • Next message: Zow: "Re: User?s and Shells"
    From: "Nicole Nicholson" <nanicholson@hotmail.com>
    To: focus-linux@securityfocus.com
    Date: Fri, 27 Dec 2002 07:44:57 -0800
    
    

    Some other questions & thoughts on this subject...

    (1) What ever became of sudo? I remember it being plagued with some
    problems in the past. Has this become a reasonable alternative to give
    non-privileged users the ability to execute privileged commands?

    (2) CERT has source code for a "noshell" program for Solaris at:
    http://www.cert.org/security-improvement/implementations/i049.02.html
    I'm sure it can ported relatively easily.

    (3) If you are REALLY serious about preventing privilege escalation, and
    don't mind a little kernel hacking, you probably also want to be aware of
    some of the "Trusted" OS projects.
    SE Linux (compliments of our tax dollars):
    http://www.nsa.gov/selinux/index.html
    and TrustedBSD:
    http://www.trustedbsd.org

    These are not to be taken lightly. They are still in development but pose
    an interesting solution to many of the core Unix security problems.

    Cheers.

    -Nicole

    _________________________________________________________________
    MSN 8: advanced junk mail protection and 3 months FREE*.
    http://join.msn.com/?page=features/junkmail&xAPID=42&PS=47575&PI=7324&DI=7474&SU
    http://www.hotmail.msn.com/cgi-bin/getmsg&HL=1216hotmailtaglines_advancedjmf_3mf