On Thu, Jan 23, 2003 at 01:45:47PM +0100, DEFFONTAINES Vincent wrote: > You can > 1. Remove the users access to the ssh program > (eg change ownership and rights of /usr/bin/ssh and create a "ssh" group for > allowed outgoing ssh users). > 2. Mount /home, /tmp and any other place users might have write access on > with the "noexec" switch, so they can only use binaries installed (and > allowed to them) on the system.
3. Kindly ask the users not to run '/lib/ld.so.1 /usr/bin/ssh' (or any executable they upload to /home, /tmp, or wherever). Daniel.
