Complete.Org: Mailing Lists: Archives: discussion: September 2000:
[aclug-L] Re: Security concerns

[aclug-L] Re: Security concerns

[Top] [All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index] [Thread Index]
To: ACLUG <discussion@xxxxxxxxx>
Subject: [aclug-L] Re: Security concerns
From: Jeff Schaller <schaller@xxxxxxxxxxxxx>
Date: Wed, 13 Sep 2000 05:45:08 -0500 (CDT)
Reply-to: discussion@xxxxxxxxx

On Tue, 12 Sep 2000, Michael Holmes wrote:

> I am wanting to use <(iopl) & (outb)> ---> unistd.h & asm/io.h
> It can only be used from root.  It is to be used on a robot to
> be used by operators who we want to keep resticted to a user
> directory. I will write a control program which will call this
> <driver> It's authority will be user execute.  Will they be
> able to sneak by security?

So let me see if I understand correctly:
1) 'driver' has to be run as root
2) 'control', which calls 'driver', will be run by the operators
3) you want to restrict the operators to a user directory

My suggestion for that would be:
1) make 'driver' setuid or have the operators run 'control'
   with 'sudo'.
2) forget #3. Unless you really really want to try to keep someone
   in a chroot 'jail'. Keeping someone inside a certain directory
   is difficult -- you must copy all the programs, libraries,
   device files, config files, etc that they will use into the
   chroot structure. Then you cross your fingers that they don't
   get creative on you and break out. Unless you have other
   concerns driving this one, go with the typical unix setup and
   rely on filesystem permissions to keep your users from doing

Churchill's Commentary on Man:  Man will occasionally stumble over the
truth, but most of the time he will pick himself up and continue on. 

-- This is the discussion@xxxxxxxxx list.  To unsubscribe,

[Prev in Thread] Current Thread [Next in Thread]