On Sun, Feb 08, 2004 at 06:58:11PM +0200, Arik Baratz wrote:
>
> > -----Original Message-----
> > From: Mark Veltzer [mailto:[EMAIL PROTECTED]
> >
> > 1. The operating system does not, per se, state which applications each user
> > can run. If a user has running capabilities then he can launch any executable
> > file. Even an executable file which was derived from consulting some Greek
> > all-knowing oracle who can program in binary.
>
> Nope. It is definitely possible.
>
> Using group permissions, it is possible to define different levels of users who can
> run different applications depending on their group membership. All that's needed
> to do is:
>
> A. put the users in relevant groups
> B. restrict execute access to the binaries to the relevant groups
> C. prevent the users from running their own binaries, by restricting execution rights
>    to disk space they can write into
>
> > 2. The desktop may hide some buttons but this is no guarantee whatsoever that
> > the user won't be able to launch an application. You better look at buttons as
> > fast ways of doing things and not as "you can/can't" separators. This is not
> > Windows we are talking about.
>
> You can limit access to the actual binaries, see my previous response.
>
> > 3. No set of standard desktop applications has been certified as "not allowing
> > in some strange way to launch a shell" since launching a shell is absolutely
> > allowed in Linux (and encouraged for that matter).
>
> If your application dictates it, you can indeed restrict a user from running a
> shell, using the mechanism discussed before.
>
I am not sure if that would leave the system in a usable state for the user since
quite a few tools use the shell behind the scenes. Test every tool you want
accessible before you do that.

> > 4. If you take konqueror for example, it will allow you to have a shell
> > running inside it.
>
> Konq. still needs to run the actual shell, and it runs under the UID of the
> launching user, so any restrictions you put on the shell will be reflected by Konq.
>
> > 5. The number of ways you could manipulate an application to launch a shell
> > for you is so numerous that I can't really think of a large GUI application
> > which I CAN'T launch a shell from by manipulating it in some way.
>
> If you limit access to the actual shell executables on your system and make sure
> everything the user runs is with his own privileges, you can do it. It takes work
> but is very possible, I say 1-2 days of tinkering.
>
> > 6. If this entire concept of yours is some marketing people's idea for "the
> > users not touching our system" go back to them and tell them it's a dream
>
> On the contrary, it is very possible, and I have seen it done more than once on
> various free-shell accounts and other places.
>
> > 7. GDM is just the login application and does not control what the user sees
> > or does not see on his desktop. The user can even log in from GDM to a KDE
> > environment.
>
> Agree.
>
> > BTW: just for the record - the situation in Windows is a lot worse since in
> > most Windows distributions the user has installation privileges on the
> > machine so he can actually halt the machine (for instance by running an
> > installation process which removes critical files) or render the machine
> > unbootable. In Linux he could just launch applications and not hurt anyone
> > but himself. Quite an improvement.
>
> Actually Microsoft has enough tools to make it possible.
> Indeed the original configuration NT (4.0 and above) comes with does define the
> global user Everyone with permission to most of the hard drive, but it is very
> possible to build a machine with the correct permission set.
>
> Oh, yes, and disable the RunAs service.
>
> -- Arik

=================================================================
To unsubscribe, send mail to [EMAIL PROTECTED] with the word "unsubscribe" in the
message body, e.g., run the command
echo unsubscribe | mail [EMAIL PROTECTED]
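Steps B and C from Arik's list, as an added read-only audit script that is not part of the thread: it checks on constructed sample data whether shell binaries are still world-executable and whether user-writable filesystems still allow execution, with the hardening commands themselves left as comments since they need root and, as the reply warns, should be tried against every tool the user needs first. The group name, device names and mount points are hypothetical.

```shell
#!/bin/sh
# Added example, not from the thread: read-only audit for steps B and C above.
# Step B: shells executable only by a trusted group, e.g. (as root):
#   chgrp shellusers /bin/bash && chmod 0750 /bin/bash
# Step C: user-writable filesystems mounted noexec, e.g. in /etc/fstab:
#   /dev/sda2  /home  ext3  rw,nosuid,nodev,noexec  0 2
# Group name, devices and mount points are hypothetical.

# Returns 0 if an octal mode string (e.g. 0755) still grants "other" execute.
other_can_exec() {
    last=$(printf '%s' "$1" | tail -c 1)
    case $last in
        1|3|5|7) return 0 ;;
    esac
    return 1
}

# Returns 0 if a /proc/mounts-style line ("dev mountpoint fstype options dump pass")
# describes a filesystem mounted rw without the noexec option.
writable_exec_mount() {
    opts=$(printf '%s\n' "$1" | awk '{print $4}')
    case ",$opts," in
        *,noexec,*) return 1 ;;
        *,rw,*)     return 0 ;;
    esac
    return 1
}

# Reads a mount table on stdin and prints, one per line, the mount points that
# are writable yet still allow execution (candidates for step C).
report_exec_mounts() {
    while read -r line; do
        if writable_exec_mount "$line"; then
            printf '%s\n' "$line" | awk '{print $2}'
        fi
    done
}

# Constructed sample mount table; on a live box use: report_exec_mounts < /proc/mounts
SAMPLE_MOUNTS='/dev/sda1 / ext3 rw 0 0
/dev/sda2 /home ext3 rw,nosuid,nodev 0 0
/dev/sda3 /tmp ext3 rw,noexec,nosuid 0 0'

printf '%s\n' "$SAMPLE_MOUNTS" | report_exec_mounts
# Step B check on the shells the system knows about (from /etc/shells, GNU stat):
# stat -c '%a %G %n' $(grep '^/' /etc/shells) | while read -r mode grp f; do
#   other_can_exec "$mode" && echo "world-executable: $f (group $grp)"; done
```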
