Re: LYNX-DEV securing Lynx for boxed-in environments.
From: William Yang
Subject: Re: LYNX-DEV securing Lynx for boxed-in environments.
Date: Mon, 15 Sep 97 13:28:52 EDT
Benjamin C. W. Sittler wrote something like:
> You might consider running Lynx in a chroot'ed environment containing only
> the commands you wish users to run.
> Alternatively, you could make a new group, "untrusted", and chgrp all
> untrusted executables to it. Any user who was allowed to run these
> executables could be placed in this group. Finally, all the untrusted
> executables could have their global exec permissions removed.
The second option is really not maintainable -- I don't want to spend
the next year going through the thousands of binaries on the system
changing permissions, only to find that their functionality DEPENDS on
those permissions. Then, when I apply a required OS patch or upgrade
a system somehow, things become broken. The justification for adding
an additional LEVEL to the security (which goes beyond simple UNIX
filesystem security) is that it's maintainable and monitorable at a
single point, which makes administration easier and more
cost-effective.
The chroot'd environment is possible... but requires that the
environment be set by something with super-user privileges. Offhand,
it seems safer to set up a system that restricts access at the first
convenient point of entry (the client shell level).
-Bill
--
William D Yang The Greater Columbus Free-Net
address@hidden System Administration & Operation