DEFFONTAINES Vincent wrote:
> You can
> 1. Remove the users' access to the ssh program
> (e.g. change ownership and rights of /usr/bin/ssh and create a "ssh" group for
> allowed outgoing ssh users).
> 2. Mount /home, /tmp and any other place users might have write access on
> with the "noexec" switch, so they can only use binaries installed (and
> allowed to them) on the system.

Daniel Kobras wrote:
> 3. Kindly ask the users not to run '/lib/ld.so.1 /usr/bin/ssh' (or any
> executable they upload to /home, /tmp, or wherever).

4. Chroot them into a filesystem without any suid/sgid program
5. Put in this chroot jail only static binaries

But far more secure:
apt-cache show kernel-patch-2.4-grsecurity

Regards, J.C.
-- 
Jean Christophe ANDRÉ <[EMAIL PROTECTED]> http://www.vn.refer.org/
Regional technical coordinator / Senior technology associate, Reflets project
Agence universitaire de la Francophonie (AuF) / Bureau Asie-Pacifique (BAP)
Postal address: AUF, 21 Lê Thánh Tông, T.T. Hoàn Kiếm, Hà Nội, Việt Nam
Personal note: please avoid sending me PowerPoint or Word files;
see here: http://www.fsf.org/philosophy/no-word-attachments.fr.html
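The script below is an added example, not part of the original thread: it reports which of the restrictions listed in points 1, 2 and 4 are actually in place. The function names and the sample mount table are constructed for illustration.

```sh
#!/bin/sh
# Added example (not from the thread): audit the restrictions from points 1, 2 and 4.

# Point 1: succeeds if "other" users can still execute the given binary,
# i.e. access has not been limited to the owner and an "ssh" group.
others_can_exec() {
    [ -n "$(find "$1" -prune -perm -0001 -print 2>/dev/null)" ]
}

# Point 2: print every listed mount point whose options lack "noexec".
# $1 = file in /proc/mounts format, remaining args = mount points to check.
missing_noexec() {
    mounts_file=$1; shift
    for mp in "$@"; do
        awk -v mp="$mp" '
            $2 == mp { seen = 1; opts = $4 }   # last entry wins for stacked mounts
            END {
                # Without its own mount entry the path inherits its parent options.
                if (!seen) { print mp " (not a separate mount)"; exit }
                n = split(opts, o, ",")
                for (i = 1; i <= n; i++) if (o[i] == "noexec") exit
                print mp
            }' "$mounts_file"
    done
}

# Point 4: list setuid/setgid regular files under a chroot directory.
suid_sgid_files() {
    find "$1" -xdev -type f \( -perm -4000 -o -perm -2000 \) -print
}

# Constructed sample in /proc/mounts format (not taken from a real host).
sample_mounts() {
cat <<'EOF'
/dev/sda1 / ext3 rw 0 0
/dev/sda5 /home ext3 rw,nosuid,nodev 0 0
tmpfs /tmp tmpfs rw,nosuid,noexec 0 0
EOF
}

# Demonstration on the constructed sample: prints /home and /var/tmp.
demo_file=$(mktemp) && sample_mounts > "$demo_file" \
    && missing_noexec "$demo_file" /home /tmp /var/tmp
rm -f "$demo_file"
```

On a live system, pass /proc/mounts as the first argument to `missing_noexec`. The check only confirms that the mount option is set; it says nothing about the ld.so invocation raised in point 3.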

