Vulnerability Development mailing list archives

Previous By Date Next
Previous By Thread Next

Re: limited functionality accounts (was: Re: History Files)

From: einari () COMPLEX IS (Einar Indridason)
Date: Wed, 26 Apr 2000 16:17:12 +0000


Put them inside a chrooted environment that has only those things that you
explicitly add.  This requires a lot of care with what you add to ensure
you understand exactly what each executable lets people do, and to ensure
you have everything that is required.  If necessary on your system, you
can make sure all binaries are statically linked.


Unfortunately, the glibc stuff (even when "-static"-ically linked)
*will* pull in additional libraries *at runtime* if needed  :-/
and so you would need to provide those libraries *as well* in the chroot
area!

GRRRRRR........

--
einari () complex is
Previous By Date Next
Previous By Thread Next

Current thread: