Security

William E. Davidsen Jr davidsen at steinmetz.ge.com
Fri Aug 19 04:14:47 AEST 1988


  What you need for security falls into a number of areas. uucp security
was addressed in my posting of a few days ago (I absolutely can't mail
any more copies), so here are a few more ideas.

  For shell you could run Korn shell (ksh). By setting the PATH variable
and then making it readonly, and using the restricted shell, you can
control what can be executed.

  For an editor, I use microemacs in restricted mode. This allows me to
set which commands I allow, and to tailor the key maps any way I want.

  Finally you can use chroot to place the user in a virtual machine.
There are some problems with this as far as having multiple copies of
software, or having news in its own partition, etc. I run guest users in
a restricted shell, but at one time I had a complete environment
accessible to any caller. I won't claim it was bulletproof, but in a
year no one broke out.

  You have to find a balance between having great security and the time
it takes to administer a secure system. Someone has to check fancy logs
if you add them, to keep copies of software in sync, to add and delete
things in the secure environment, etc.

  I don't have all the answers, but if you find some way to have a
secure system which isn't more trouble to support, do let me know.
-- 
	bill davidsen		(wedu at ge-crd.arpa)
  {uunet | philabs | seismo}!steinmetz!crdos1!davidsen
"Stupidity, like virtue, is its own reward" -me
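
The read-only PATH plus restricted shell setup described in the post, as an added example that is not part of the original message. It assumes bash is installed and uses bash's restricted mode (`set -r`) as a stand-in for ksh's; the temporary guest directory and the allow-list of `ls`, `cat` and `date` are constructed for the demonstration.

```shell
#!/bin/sh
# Build a guest command directory, freeze PATH, enter restricted mode,
# then probe what the guest can and cannot do.

JAIL=$(mktemp -d)            # constructed guest area (left in place for inspection)
mkdir "$JAIL/bin"
for c in ls cat date; do     # hypothetical allow-list: no shells, no editors
    ln -s "$(command -v "$c")" "$JAIL/bin/$c"
done

# Profile text run before the guest's commands: set PATH to the guest
# directory only, make it read-only, then switch on restricted mode.
# After "set -r" the shell refuses cd, changes to PATH, and any command
# name containing a slash; the option cannot be switched off again.
guest_profile() {
    printf 'PATH=%s\nexport PATH\nreadonly PATH\nset -r\n' "$JAIL/bin"
}

# Run one command line the way the guest would and report the outcome
# from the shell's exit status.
probe() {
    if (cd "$JAIL" && bash -c "$(guest_profile)
$1") >/dev/null 2>&1; then
        echo allowed
    else
        echo denied
    fi
}

# Allowed commands first, then the usual ways of stepping outside.
for t in 'ls' 'date' 'uname' 'PATH=/bin:/usr/bin' '/bin/ls' 'cd /'; do
    printf '%-22s %s\n' "$t" "$(probe "$t")"
done
```

Any program linked into the guest `bin` directory that can itself start a shell undoes the restriction, which is why the allow-list needs the same ongoing review the post describes for the rest of the environment.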



More information about the Comp.unix.xenix mailing list