[aclug-L] Re: Security concerns

To: ACLUG <discussion@xxxxxxxxx>
Subject: [aclug-L] Re: Security concerns
From: Jeff Schaller <schaller@xxxxxxxxxxxxx>
Date: Wed, 13 Sep 2000 05:45:08 -0500 (CDT)
Reply-to: discussion@xxxxxxxxx

On Tue, 12 Sep 2000, Michael Holmes wrote:

> I am wanting to use <(iopl) & (outb)> ---> unistd.h & asm/io.h
> It can only be used from root.  It is to be used on a robot to
> be used by operators who we want to keep restricted to a user
> directory. I will write a control program which will call this
> <driver>. Its authority will be user execute.  Will they be
> able to sneak by security?

So let me see if I understand correctly:
1) 'driver' has to be run as root
2) 'control', which calls 'driver', will be run by the operators
3) you want to restrict the operators to a user directory

My suggestion for that would be:
1) make 'driver' setuid or have the operators run 'control'
   with 'sudo'.
2) forget #3. Unless you really really want to try to keep someone
   in a chroot 'jail'. Keeping someone inside a certain directory
   is difficult -- you must copy all the programs, libraries,
   device files, config files, etc. that they will use into the
   chroot structure. Then you cross your fingers that they don't
   get creative on you and break out. Unless you have other
   concerns driving this one, go with the typical unix setup and
   rely on filesystem permissions to keep your users from doing
   harm.

-jeff
-- 
Churchill's Commentary on Man:  Man will occasionally stumble over the
truth, but most of the time he will pick himself up and continue on. 
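
Added example, not part of Jeff's message or the original thread: one way the setuid 'driver' suggested above could be kept small, so that root is held only long enough to obtain port access. It uses ioperm() in place of the iopl() named in the question, because ioperm() grants only the named port range. Assumptions: Linux on x86, the binary is installed setuid root, and PORT_BASE, parse_request and acquire_ports_and_drop_root are hypothetical names and values chosen for illustration.

```c
#include <errno.h>
#include <stdlib.h>
#include <unistd.h>
#if defined(__i386__) || defined(__x86_64__)
#include <sys/io.h>                     /* ioperm(), outb() on Linux/x86 */
#else                                   /* other targets: no port I/O, fail closed */
#define ioperm(from, num, on) (errno = ENOSYS, -1)
#define outb(value, port) ((void)0)
#endif
#define PORT_BASE  0x378u  /* assumption: robot interface on the first parallel port */
#define PORT_COUNT 3u      /* data, status and control registers */

/* Parse one unsigned number strictly: no sign, no whitespace, no trailing junk. */
static int parse_ulong(const char *s, unsigned long *out)
{
    char *end;
    if (s == NULL || *s < '0' || *s > '9') return -1;
    errno = 0;
    *out = strtoul(s, &end, 0);
    return (errno != 0 || *end != '\0') ? -1 : 0;
}

/* Accept only allow-listed ports and byte-sized values. 0 = ok, -1 = refused. */
int parse_request(const char *port_s, const char *val_s, unsigned *port, unsigned *val)
{
    unsigned long p, v;
    if (parse_ulong(port_s, &p) != 0 || parse_ulong(val_s, &v) != 0) return -1;
    if (p < PORT_BASE || p >= PORT_BASE + PORT_COUNT || v > 0xff) return -1;
    *port = (unsigned)p; *val = (unsigned)v;
    return 0;
}

/* Take only the ports needed, then give up root for good. 0 = ok, -1 = failed. */
int acquire_ports_and_drop_root(void)
{
    if (ioperm(PORT_BASE, PORT_COUNT, 1) != 0) return -1;
    if (setgid(getgid()) != 0 || setuid(getuid()) != 0) return -1;
    if (getuid() != 0 && setuid(0) == 0) return -1;  /* root must not come back */
    return 0;
}

int main(int argc, char **argv)
{
    unsigned port, val;
    if (argc != 3 || parse_request(argv[1], argv[2], &port, &val) != 0) return 2;
    if (acquire_ports_and_drop_root() != 0) return 1;
    outb((unsigned char)val, (unsigned short)port);
    return 0;
}
```

The 'control' program run by the operators would call this helper with a port and a value; every request is validated before any privileged call is made, and the write itself happens after root has been dropped.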

