[Subject Prev][Subject Next][Thread Prev][Thread Next][Subject Index][Thread Index]

Securing Linux thr. scripts. (WAs Re: Please Unsubscribe me)


 Please look at userhelper in RHL. Many programs like kppp are actually links to
it. It figure out the name by which it is called. Authenticates the user and let
him run the original program. It's similar to what you are saying but it allows
authenticated access rather than a deny all policy. I haven't yet figured out
how to make it work, with my/some other programs.

Also please correct the subject line. Drifting the subject line is
understandable, but this one was  horribly wrong...


"Unix-Contractor, Wipro (CORP)" wrote:

> - Club all setuid progs in a common directory.
> - Dont mark this directory in '$PATH' so that the user has to explicitely
>   name whole path for invoking a prog.
> - when a user tries to launch some other thing, not in this list (match
>   the command line, you kill that. You can check gid, egid, too.