-
June 6th, 2007, 08:18 PM
#1
UNIX - Software Restriction Policy?
I am looking to find an equivalent to Software Restriction Policies in Windows, for Open source distributions. Nothing platform specific, I just want to see what is out there. Does anyone know of anything similar?
Here's the link
http://technet.microsoft.com/en-us/l.../bb457006.aspx
Findings would be discussed in a research paper, thanks
-
June 6th, 2007, 08:38 PM
#2
CHMOD.
Only allow a certian group to read/execute it, Done.
-
June 6th, 2007, 08:58 PM
#3
Unfortunately chmod wont stop a user from executing an altered binary they had +x permissions on. Also SRP can deny anything but the installation of signed and approved software. So in short... what happens when a user executes code they loaded themselves?
-
June 6th, 2007, 09:01 PM
#4
found this (ironic it's on this site)
http://antionline.com/archive/index.php/t-272351.html
however I think SRP applies to scripts but I'm not quite sure.
-
June 6th, 2007, 09:07 PM
#5
If you used SPR to disable users from running scripts they wouldnt be able to run scripts. They also wont be able to install programs because they are not root.
-
June 6th, 2007, 10:18 PM
#6
If you used SPR to disable users from running scripts they wouldnt be able to run scripts.
Yes, isn't it great
They also wont be able to install programs because they are not root.
Yes, they could, with permission and a signed installer. It's all in the article . Or are we still talking about linux?
-
June 6th, 2007, 10:48 PM
#7
Yer Im talking about linux. Hmm an answer must be out there...
-
June 6th, 2007, 11:06 PM
#8
school must have let out for summer. I noticed you have successfully spammed the entire front page with your posts.
-
June 7th, 2007, 03:33 AM
#9
-
June 8th, 2007, 09:32 AM
#10
Originally Posted by d34dl0k1
Also SRP can deny anything but the installation of signed and approved software.
Only root can install software.
So in short... what happens when a user executes code they loaded themselves?
To prevent users from installing/running software from their homedirs mount /home noexec. Might want to mount /tmp noexec too.
Oliver's Law:
Experience is something you don't get until just after you need it.
Similar Threads
-
By Spyder32 in forum Miscellaneous Security Discussions
Replies: 1
Last Post: May 27th, 2008, 01:17 PM
-
By Black Cluster in forum Security News
Replies: 0
Last Post: September 21st, 2005, 02:03 AM
-
By gore in forum Operating Systems
Replies: 1
Last Post: October 12th, 2004, 07:29 AM
-
By gore in forum Operating Systems
Replies: 11
Last Post: August 8th, 2004, 05:21 AM
-
By SDK in forum AntiOnline's General Chit Chat
Replies: 1
Last Post: July 21st, 2004, 10:48 PM
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
-
Forum Rules
|
|