
Re: security risk about eggdrop



* hypnos said:
> On Tue, 4 Jan 2000, Matus "fantomas" Uhlar wrote:
> 
> > newest versions of eggdrop won't work without tcl. you can still disable
> > .tcl command which is secure enough then, and you have not to set up
> > filesystem for someone to be allowed to put up scripts on it remotely.
> > that's enough
> 
> What's to stop a user from compiling eggdrop from
Make gcc available only for a certain group of people (e.g. create a 'code'
group) and set the noexec,nosuid,nodev (the two latter just for the sake of
completeness here :)) bits on the partition where the users have their home
directories. That way, they won't be able to download a copy of gcc into
their directory and so they won't be able to compile it. They will also be
unable to execute anything from their directory. The /tmp issue remains, but
it can be cured (partly) by setting restrictive quota for this filesystem as
well as setting the noexec,nosuid,nodev bits (which introduces some
inconveniences - e.g. mc won't be able to execute its generated shell
scripts).

> source, and enabling the executing of tcl scripts?
The above cures the external tcl script problem, because the user cannot set the exec
bit on the downloaded scripts. As to the internals of eggdrop, you can
disable the simul tcl command - I'm afraid that's all you can do in that
respect...

marek
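
The mount-option advice in the message above can be checked mechanically. The following is an added example, not part of the original message: a shell function that reads a mount table in /proc/mounts format and reports which of noexec, nosuid and nodev are missing on a mount point. The function name `missing_opts` and the sample table are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit a mount table (same format as /proc/mounts) for the
# noexec,nosuid,nodev options recommended above for /home and /tmp.

# missing_opts MOUNTPOINT [TABLE_FILE]   (hypothetical helper name)
# Prints a comma-separated list of the required options missing on
# MOUNTPOINT, or nothing if all three are set. Prints "not-a-mountpoint"
# if MOUNTPOINT has no entry of its own; it then inherits the options of
# its parent filesystem (often /).
missing_opts() {
    awk -v mp="$1" '
        $2 == mp { opts = $4; found = 1 }   # last entry wins (stacked mounts)
        END {
            if (!found) { print "not-a-mountpoint"; exit }
            n = split(opts, have, ",")
            m = split("noexec,nosuid,nodev", need, ",")
            out = ""
            for (i = 1; i <= m; i++) {
                ok = 0
                for (j = 1; j <= n; j++) if (have[j] == need[i]) ok = 1
                if (!ok) out = out (out == "" ? "" : ",") need[i]
            }
            print out
        }' "${2:-/proc/mounts}"
}

# Constructed sample table: /home is hardened, /tmp lacks noexec,
# /var/tmp is not a separate filesystem.
SAMPLE=$(mktemp)
cat > "$SAMPLE" <<'EOF'
/dev/sda1 / ext4 rw,relatime 0 0
/dev/sda2 /home ext4 rw,nosuid,nodev,noexec,relatime 0 0
tmpfs /tmp tmpfs rw,nosuid,nodev 0 0
EOF

for mp in /home /tmp /var/tmp; do
    r=$(missing_opts "$mp" "$SAMPLE")
    echo "$mp: ${r:-ok}"
done
```

Called with only a mount point, the function reads the live /proc/mounts. Keep in mind that noexec only blocks direct execution of files on that filesystem; a script handed to an interpreter installed elsewhere is still read and run.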
