Security
Edward L. Taychert
elt at entire.UUCP
Mon Aug 29 23:13:38 AEST 1988
In article <4 at raider.UUCP>, root at raider.UUCP (Bob Reineri) writes:
> They can use shell commands from within either vnews of vi and do anything
> their heart desires (within normal system security, of course). Well, this
> just won't work ! I know there is a 'red' editor, but I hate to confine them
> to that.
> --
I created an /rbin for my guest users and only included (link'ed) in those
commands I wanted them to use. I was particularly concerned about the escape
in mail. Anyway, by denying them write access to their profiles and limiting
their paths to rbin. I think I've implented fair security. (to the best of
my knowledge, no-ones broken it... but don't keep anything sensitive on
the system.) The only shell I keep in /rbin is rsh. It seems that I don't
allow guest users to do very much, but its enough to implement a bbs like
system.
I belive I tried out VI and it was secure this way, but I don't give them
VI because its so complicated... I have a stripped down micro-emacs
I provide.
--
____________________________________________________________________________
Ed Taychert Phone: USA (716) 381-7500
Entire Inc. UUCP: rochester!rocksanne!entire!elt
445 E. Commercial Street
East Rochester, N.Y. 14445
_____________________________________________________________________________
More information about the Comp.unix.xenix
mailing list