Re: Trusted Path Execution
1 set the noexec mount option on any filesystem that you don't want
executanles running on.
2 use acls to prevent execution of files, the bsd Mac framework is the
way to go
Ie remove executable bit on all files for everyone and leave hoe owner
and group then add users to the necessary groups
Only issue is monitoring newly created files and the bits set, default
umask can help
Regards
Daniel
Regards
Daniel
On 3/2/09, Paige Thompson <erratic@devel.ws> wrote:
> I would like to know that there is or is not a way to prevent users from
> executing binaries that are not owned by root or that the user is in a
> particular group. Is this something I can achieve with TrustedBSD's MAC
> framework?
> _______________________________________________
> freebsd-security@freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-security
> To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org"
>
--
Sent from my mobile device
http://buymeahouse.stiw.org/
_______________________________________________
freebsd-security@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-security
To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org"
討論串 (同標題文章)