[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: how do I chroot for users.



On Mon, 19 Jan 1998, Alan DeKok wrote:

>     One of the things I'm going to add to the kernel when I get time
> (and a spare machine) is the concept of "slave" users.  i.e. Anyone
> with uid within a certain range can't execute programs that they own.
> 
>   Give them gcc, and watch them cry "Permission denied? But I chmod +x'd it!"
> 
>   That would solve many problems at ISP's I know.  They'd still be
> able to use buffer overruns, etc. to gain root, but it would be that
> much harder for them to do anything.

Interesting idea. Definetly worth doing. You can conbine it with a
restricted shell to limit the programs they can attack. The only loophole
(as with any restricted shell actually) is that you better not give them
access to any interpreters, like the shell and definetly not perl.

>   Alan DeKok.
> 
> -- 
> To unsubscribe: mail -s unsubscribe pam-list-request@redhat.com < /dev/null
> 

Aleph One / aleph1@dfw.net
http://underground.org/
KeyID 1024/948FD6B5 
Fingerprint EE C9 E8 AA CB AF 09 61  8C 39 EA 47 A8 6A B8 01 



[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index] []