On Monday 24 November 2003 10:17, Steven Leikeim wrote:
<SNIP>
> There is a simpler solution. Place user files on a separate filesystem
> from system files. This includes putting all temporary files on separate
> filesystems of their own. (Both /tmp and /var/tmp.) Since hard links
> cannot cross filesystems the problem disappears. Mounting user filesystems
> nosuid and nodev will prevent security problems should a setuid binary
> appear in that filesystem.

And a mandatory system profile in /etc, which aliases ln as 'ln -s' might
help. One for each valid shell.

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
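The filesystem layout described in the quoted message, expressed as a check (an added example, not part of the original thread): it parses a mount table in /proc/mounts format and reports user-writable directories that share a filesystem with system files or lack nosuid/nodev. The sample table, the directory lists and the function names are constructed assumptions.

```python
# Constructed sample in /proc/mounts format; not from a real host.
SAMPLE_MOUNTS = """\
/dev/sda1 / ext3 rw 0 0
/dev/sda5 /usr ext3 rw 0 0
/dev/sda2 /tmp ext3 rw,nosuid,nodev 0 0
/dev/sda3 /home ext3 rw,nosuid 0 0
proc /proc proc rw 0 0
"""

# Assumed directory lists; adjust for the host being audited.
SYSTEM_DIRS = ("/", "/bin", "/sbin", "/usr")
USER_DIRS = ("/tmp", "/var/tmp", "/home")
REQUIRED_OPTS = ("nodev", "nosuid")


def parse_mounts(text):
    """Map mount point -> (device, option set); later lines shadow earlier."""
    table = {}
    for line in text.splitlines():
        fields = line.split()
        if len(fields) >= 4:
            table[fields[1]] = (fields[0], set(fields[3].split(",")))
    return table


def covering_mount(path, table):
    """Longest mount point containing path, matched on component boundaries
    so that /tmpfoo is not treated as living under /tmp."""
    hits = [mp for mp in table
            if path == mp or path.startswith(mp.rstrip("/") + "/")]
    return max(hits, key=len)


def audit(text, user_dirs=USER_DIRS, system_dirs=SYSTEM_DIRS):
    """Return {user_dir: [issues]}; assumes the table has an entry for /."""
    table = parse_mounts(text)
    # Compare devices, not mount points: hard links work anywhere within
    # one filesystem, whatever path it is reached by.
    system_devs = {table[covering_mount(d, table)][0] for d in system_dirs}
    report = {}
    for d in user_dirs:
        dev, opts = table[covering_mount(d, table)]
        issues = []
        if dev in system_devs:
            issues.append("same filesystem as system files (%s)" % dev)
        issues += ["missing " + o for o in REQUIRED_OPTS if o not in opts]
        if issues:
            report[d] = issues
    return report
```

On a live host the same function can be given the contents of /proc/mounts instead of the sample.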
