Path: euryale.cc.adfa.oz.au!newshost.anu.edu.au!harbinger.cc.monash.edu.au!news.rmit.EDU.AU!news.unimelb.EDU.AU!munnari.OZ.AU!news.ecn.uoknor.edu!news.ysu.edu!news.cps.udayton.edu!news.engr.udayton.edu!blackbird.afit.af.mil!zombie.ncsc.mil!news.mathworks.com!hunter.premier.net!uunet!inXS.uu.net!news.spss.com!newsrelay.netins.net!composer.inav.net!news
From: dphill@inav.net (Dean M. Phillips)
Newsgroups: comp.unix.bsd.freebsd.misc
Subject: Re: disabling user executables?
Date: 27 Jun 1996 22:47:21 GMT
Organization: Internet Navigator, Inc.
Lines: 25
Message-ID: <4qv31p$an3@composer.inav.net>
References: <4q7gv6$1d2@itchy.serv.net> <4qhcgv$md@anorak.coverform.lan>
NNTP-Posting-Host: dip36.inav.net
X-Newsreader: knews 0.9.3

In article <4qhcgv$md@anorak.coverform.lan>,
brian@awfulhak.demon.co.uk (Brian Somers) writes:
>Sean T. Lamont (zeno@serv.net) wrote:
>: Has someone made a kernel patch which disables executing programs
>: that aren't root-owned?
>
>This is a strange question... wouldn't you be better off asking if
>there's a restricted shell for FreeBSD.
>
>If you really want to fail execs of non-root owned files, you could
>have a look at doing something with *uap->argv and imgp->attr in
>execve() in /sys/kern/kern_exec.c
>
>--
>Brian <brian@awfulhak.demon.co.uk>
>Don't _EVER_ lose your sense of humour....

Why not put all your users in their own partition and mount it as /home
with the noexec option? Similarly mount /tmp with the noexec option.

_________________________________________________________________________
Dean M. Phillips                      PGP mail encouraged
dphill@inav.net
Office: 319-395-8810 (this month)
Home: 319-373-9825
PGP key on server, ID: 2CE87FB5
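
An added example, not part of the original post: a shell check that an fstab matches the layout suggested above, with /home and /tmp on their own file systems and mounted noexec. The function names, the sample fstab and its device names are constructed for illustration.

```shell
#!/bin/sh
# Audit an fstab for the suggested layout: each listed mount point is a
# separate file system and carries the noexec option.

# audit_noexec FSTAB MOUNTPOINT...
# Prints one line per mount point:
#   "<mp> ok"              entry exists and has noexec
#   "<mp> missing-noexec"  entry exists without noexec
#   "<mp> not-separate"    no entry, so the directory lives on its parent
#                          file system and gets that file system's options
audit_noexec() {
    fstab=$1; shift
    for mp in "$@"; do
        awk -v mp="$mp" '
            /^[ \t]*#/ || NF < 4 { next }   # skip comments and short lines
            $2 == mp {
                found = 1
                n = split($4, opt, ",")     # options are comma-separated
                for (i = 1; i <= n; i++) if (opt[i] == "noexec") ok = 1
            }
            END {
                if (!found)   print mp, "not-separate"
                else if (!ok) print mp, "missing-noexec"
                else          print mp, "ok"
            }' "$fstab"
    done
}

# Constructed sample fstab (device names are made up for this example).
sample_fstab() {
    cat <<'EOF'
# Device        Mountpoint  FStype  Options     Dump  Pass#
/dev/sd0a       /           ufs     rw          1     1
/dev/sd0e       /usr        ufs     rw          2     2
/dev/sd0f       /home       ufs     rw,noexec   2     2
/dev/sd0g       /tmp        ufs     rw,nosuid   2     2
EOF
}

# Run with --demo to audit the constructed sample.
if [ "${1:-}" = "--demo" ]; then
    tmp=$(mktemp) && sample_fstab > "$tmp"
    audit_noexec "$tmp" /home /tmp /var/tmp
    rm -f "$tmp"
fi
```

Note that noexec only blocks direct execution of files on that file system; a script stored there can still be run by passing it to an interpreter installed elsewhere, so any other user-writable location needs the same check.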