On Sat, 25 Mar 2006 at 17:36 -0600, Michael Halcrow wrote:
> On Sat, Mar 25, 2006 at 02:53:12PM -0800, [EMAIL PROTECTED] wrote:
> > On Sat, 25 Mar 2006, Michael Halcrow wrote:
> > >On Sat, Mar 25, 2006 at 10:45:08PM +0000, Jason Holt wrote:
> > >>On Sat, 25 Mar 2006, Jeff Schroeder wrote:
> > >>perl `cat /tmp/myscript.pl`
> > >
> > >I repeat: SE Linux...
> >
> > Is there really a way for SE Linux to allow a user access to perl,
> > but disallow access to perl scripts in /tmp/?
> > ...
> > Would it allow the person to cat /tmp/myscript.pl, then run "perl",
> > then type the program in by hand?
>
> I think what you really want is to prevent the user from accessing any
> resources that he shouldn't, regardless of the method (a C program,
> Perl, Bash commands, etc.). You could run around making scripts in
> certain path locations non-executable (then you open a can of worms w/
> namespaces, hard links, and so forth), or you could just write a set
> of policies that say what the user should and should not be able to
> manipulate on a system and sleep soundly at night.

So SE Linux is what he needs, not what he wants. It's good to hear this clarification because I was thinking either you had fallen off your rocker or that SE Linux had some very deep magic indeed if it could prevent you from running a script that is (was?) in /tmp.

-- 
Hans Fugal ; http://hans.fugal.net

There's nothing remarkable about it. All one has to do is hit the right keys at the right time and the instrument plays itself.
    -- Johann Sebastian Bach
/* PLUG: http://plug.org, #utah on irc.freenode.net Unsubscribe: http://plug.org/mailman/options/plug Don't fear the penguin. */
