On Tue, 2007-09-25 at 10:25 +0800, Eduardo Tongson wrote:
> In this case you have to trust the setuid binary but take safety
> precautions. This is where the built-in security mechanisms of the
> distribution come into play. You could also run it inside a
> disposable virtual machine or run it through mandatory access control.
>
> If the machine where the setuid screen is running has multiple shell
> users and you didn't opt for a disposable virtual machine, beware of
> symlink attacks on setuid binaries. Remember to manually remove or
> check whether your distribution removes the suid bit before updating.
Thanks. For now, I'm asking theoretically only. I'm not
seriously concerned about security here (inside the VPN, only
a few people have accounts on these boxes, all trusted users).
Disposable virtual machines are a good idea. I don't think
my box can deal with that (too slow :-), but I'll see what
I can do. Might be doable.
--
Gerald Timothy Quimpo [EMAIL PROTECTED]
Business Systems Development, KFC/Mr Donut/Ramcar
It is impossible to imagine Goethe or Beethoven being good at
billiards or golf.
-- H.L. Mencken
_________________________________________________
Philippine Linux Users' Group (PLUG) Mailing List
[email protected] (#PLUG @ irc.free.net.ph)
Read the Guidelines: http://linux.org.ph/lists
Searchable Archives: http://archives.free.net.ph