John_Cuzzola wrote:
Although your reasoning is correct of course, I do not agree that it is not worth the effort. That's kind of the same thing I want to do with a graphical shell on Linux. Maybe it's totally not worth my while to bother with it... (hence all my references to "practicality"). I would love it if there were a file manager program out there that would allow me to set its root directory to the user home directory, for example.*** It really isn't worth the extended effort. Even if you find such a file manager graphical shell the smart kid will simply launch a program that has a "run" option (like StarOffice) and type "xterm" .. voilà. Make sure your permissions are set appropriately, and apply relevant patches and you should be ok. (.......)
By allowing users to sniff around in the system, they have a chance to get all sorts of clues on how things really work, which makes it easier to try and hack it. Information *is* a part of security, although one cannot rely on ignorance of course.
For example, the mere fact that the /etc/passwd file is exposed to every user (even though /etc/shadow is used for the passwords of course) already gives any user a list of all the accounts on the system, as well as information on which shell they use, if any.
Therefore, I do believe it is worthwhile to create a chroot environment, with as little information exposed as possible, especially in an environment where different user accounts have different sets of privileges / environments. In my app, I would make sure that xterm and other similar tools would not be available of course.
Anyway, to set up such a chroot environment for LTSP is something that has been on my TODO-list for some time now (but unfortunately there are many more issues on that darn long list....). I even sort of hacked it together at some point, the problem is to get things done in a proper and decent way, with install scripts, docs and other stuff.
--
Z.
---------------------------------------------------------
If all you have is a hammer, everything looks like a nail
---------------------------------------------------------
_____________________________________________________________________
Ltsp-discuss mailing list. To un-subscribe, or change prefs, goto:
https://lists.sourceforge.net/lists/listinfo/ltsp-discuss
For additional LTSP help, try #ltsp channel on irc.freenode.net
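
An added example (not part of the original message): a small Python audit of a chroot tree along the lines argued above, reporting which accounts and login shells a copied `etc/passwd` would reveal and whether `xterm` or a shell binary is still reachable inside the tree. The deny-list, the sample accounts and all function names are assumptions made for illustration.

```python
import os
import stat
import tempfile

# Assumed deny-list for this example: programs that hand the user a shell.
ESCAPE_TOOLS = {"xterm", "rxvt", "sh", "bash", "csh", "tcsh", "ksh"}
NOLOGIN = {"/bin/false", "/sbin/nologin", "/usr/sbin/nologin"}

def parse_passwd(text):
    """Return (name, shell) per well-formed passwd(5) line; empty shell means /bin/sh."""
    rows = (line.split(":") for line in text.splitlines() if not line.startswith("#"))
    return [(f[0], f[6] or "/bin/sh") for f in rows if len(f) == 7]

def audit_chroot(root):
    """Report what a user confined to `root` could read or launch."""
    report = {"accounts": [], "login_shells": [], "escape_tools": []}
    passwd = os.path.join(root, "etc", "passwd")
    if os.path.isfile(passwd):
        with open(passwd) as fh:
            for name, shell in parse_passwd(fh.read()):
                report["accounts"].append(name)
                if shell not in NOLOGIN:
                    report["login_shells"].append((name, shell))
    for dirpath, _dirs, files in os.walk(root):
        for fname in files:
            path = os.path.join(dirpath, fname)
            mode = os.lstat(path).st_mode
            # Only executable regular files count; symlinks are not followed.
            if fname in ESCAPE_TOOLS and stat.S_ISREG(mode) and mode & 0o111:
                report["escape_tools"].append(os.path.relpath(path, root))
    return {key: sorted(value) for key, value in report.items()}

def demo():
    """Audit a constructed tree: three sample accounts and a stray xterm."""
    sample = ("root:x:0:0:root:/root:/bin/bash\n"
              "daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin\n"
              "kiosk:x:1000:1000:Kiosk user:/home/kiosk:\n")
    with tempfile.TemporaryDirectory() as root:
        os.makedirs(os.path.join(root, "etc"))
        os.makedirs(os.path.join(root, "usr", "bin"))
        with open(os.path.join(root, "etc", "passwd"), "w") as fh:
            fh.write(sample)
        xterm = os.path.join(root, "usr", "bin", "xterm")
        open(xterm, "w").close()
        os.chmod(xterm, 0o755)
        return audit_chroot(root)

if __name__ == "__main__":
    print(demo())
```

An empty `accounts` list and an empty `escape_tools` list are the target state for the minimal environment described in the message.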