(sent to both debian-user and debian-policy, please be careful with replies)
Nathan E Norman <[EMAIL PROTECTED]> writes:
> On Thu, 12 Feb 1998, Paul Miller wrote:
> : hmm... how would that stop users from running programs they copied onto my
> : server?
> Mount the /home partition noexec. In fact, make sure any user writable
> partition is mounted noexec. If your users can copy files to /usr, then
> you've got a fairly big problem.

But what about /var? /var/tmp should be world writable (albeit sticky)
according to the FSSTND, but at least a couple of packages use /var for
executable files, notably dpkg (/var/lib/dpkg/info/*), and the
distributed-net client (/var/lib/distributed-net/distributed-net).

(A couple of programs also mistakenly mark data files as executable:
/var/qmail/users/assign (qmail) and /tmp/vi.recover/vi.[something] (nvi).)

In any case, this solution would work fine if you're able to separate /var
and /var/lib, making /var noexec, and ensuring there are no user writable
directories within /var/lib.

Is it worth considering a policy change that no system executables should
be placed within /var?

BTW, if /var was noexec, it remains possible to have something like
/var/lib/distributed-net/distributed-net -> /usr/bin/distributed-net, and
still be able to cd /var/lib/distributed-net; ./distributed-net, which, I
believe, should solve that package's concern that its .ini file must be
`argv[0]'.ini.

> Note that this doesn't keep the user from running shell scripts, or perl
> scripts, or any other interpreted scripts, unless you limit access to
> interpreters (including shells).

(And note that in most cases they could just as easily run the interpreter
and type the program in themselves anyway. Certainly, I've done the same on
one of the uni accounts I use. If you don't want users to run scripts
(why?), you'll need to get rid of their access to the interpreters,
presumably by running in a chroot environment...)

> Of course, you could mount the /home
> directory read-only, but that limits its utility.
And the /tmp and /var/tmp directories as well. Which kinda limits their
utility too.

Cheers,
aj

-- 
Anthony Towns <[EMAIL PROTECTED]> <http://azure.humbug.org.au/~aj/>
I don't speak for anyone save myself. PGP encrypted mail preferred.
``It's not a vision, or a fear. It's just a thought.''
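As an added example (not part of the original message or of any Debian package), a shell script that audits a directory tree for the regular executable files a noexec mount would break, skipping symlinks since exec follows the link to a target on another filesystem (the /var/lib/distributed-net -> /usr/bin trick above), and flags fstab entries for conventionally user-writable mountpoints that lack noexec. The tree and the fstab are constructed inline; on a real box /var and /etc/fstab are the inputs.

```shell
#!/bin/sh
# Added example: audit a tree and an fstab for noexec readiness.

# list_noexec_breakers DIR: regular files under DIR with any execute bit set.
# Symlinks are not reported: the kernel executes the link target, and the
# noexec check applies to the filesystem holding that target.
list_noexec_breakers() {
    find "$1" -type f \( -perm -u+x -o -perm -g+x -o -perm -o+x \) | sort
}

# count_noexec_breakers DIR: how many such files there are.
count_noexec_breakers() {
    list_noexec_breakers "$1" | wc -l | tr -d ' '
}

# fstab_missing_noexec FILE: mountpoints among /home, /tmp, /var, /var/tmp
# whose mount options do not include noexec (comment lines ignored).
fstab_missing_noexec() {
    awk '$1 !~ /^#/ && ($2 == "/home" || $2 == "/tmp" || $2 == "/var" || $2 == "/var/tmp") \
         && $4 !~ /(^|,)noexec(,|$)/ { print $2 }' "$1"
}

# Constructed sample tree standing in for /var (hypothetical file names).
DEMO=$(mktemp -d)
FSTAB=$(mktemp)
trap 'rm -rf "$DEMO" "$FSTAB"' EXIT
mkdir -p "$DEMO/lib/dpkg/info" "$DEMO/lib/distributed-net" "$DEMO/tmp" "$DEMO/qmail/users"
printf '#!/bin/sh\nexit 0\n' > "$DEMO/lib/dpkg/info/foo.postinst"   # maintainer script: would break
chmod 755 "$DEMO/lib/dpkg/info/foo.postinst"
printf 'data\n' > "$DEMO/qmail/users/assign"                          # data file, not executable: fine
chmod 644 "$DEMO/qmail/users/assign"
printf 'user-copied\n' > "$DEMO/tmp/dropped"                          # user-placed executable: the case noexec stops
chmod 755 "$DEMO/tmp/dropped"
ln -s /usr/bin/true "$DEMO/lib/distributed-net/distributed-net"       # symlink to an exec filesystem: keeps working

# Constructed fstab: /home is done right, /var and /tmp are missing noexec.
cat > "$FSTAB" <<'EOF'
# device     mountpoint  type  options                 dump pass
/dev/sda2    /home       ext2  defaults,noexec,nosuid  0    2
/dev/sda3    /var        ext2  defaults                0    2
/dev/sda4    /tmp        ext2  defaults,nosuid         0    2
EOF

echo "files a noexec mount of $DEMO would break:"
list_noexec_breakers "$DEMO"
echo "mountpoints lacking noexec in $FSTAB:"
fstab_missing_noexec "$FSTAB"
```

The dpkg maintainer script shows up as a breaker, which is exactly the reason the message proposes keeping /var/lib off the noexec mount.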