
Re: Question about knoppix terminalserver and "secure" Option



On Thu, May 04, 2006 at 02:20:01PM +0200, Martin Herweg wrote:
> Hi!
> 
> What does the "secure" option do exactly?

It disables ALL "suid" programs via mount -o nosuid (i.e. you cannot do
"sudo" or "mount" anymore as normal user), and there are no more root
consoles.

You cannot even "ping" a computer anymore because this requires root
privileges. The only thing you could do to gain root access is maybe a
local exploit, if you find one.

This mode is intended for internet cafes and surf stations, and the user
is not allowed to write to the harddisk anymore as well. It's supposed
to provide decent protection against destructive users.

> what I'd like to have is:
> * user is allowed to access USB-memorystick R&W

Negative, this would require root privileges for "mount".

What you COULD do is, add a "knoppix.sh" script that automatically
mounts a stick rw,sync when the system boots up. But the stick will stay
mounted, and cannot be unmounted by the user.

Or, maybe use mtools to access writable media without mounting.

It should be possible to burn CDs without root privileges. But you won't
be able to mount them.

> * user can not become root (su , sudo, ...)

This is the case. If you still find a way to gain root access in
"secure" terminalserver mode, please let me know. ;-)

With kind regards
-Klaus Knopper
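
Added example, not part of the original message: a POSIX shell filter that reads mount entries in /proc/mounts format and prints every mount point whose effective (last) entry lacks nosuid, which is one way to check that setuid programs are disabled everywhere, including on a stick mounted later by a startup script. The sample entries and both function names are constructed for illustration and are not Knoppix's actual layout.

```shell
#!/bin/sh
# Added example: report mount points on which setuid bits are still honoured.
# Input (stdin) uses the /proc/mounts layout:
#   device mountpoint fstype options dump pass

# mounts_without_nosuid: hypothetical helper name.
# Prints, sorted, each mount point whose effective entry lacks "nosuid".
mounts_without_nosuid() {
    awk '{
        ok = 0
        n = split($4, opt, ",")
        # Compare whole option names so only an exact "nosuid" counts.
        for (i = 1; i <= n; i++) if (opt[i] == "nosuid") ok = 1
        # A later entry for the same mount point shadows an earlier one.
        eff[$2] = ok
    }
    END { for (mp in eff) if (!eff[mp]) print mp }' | sort
}

# sample_mounts: constructed sample data, not taken from a real system.
sample_mounts() {
cat <<'EOF'
rootfs / rootfs rw 0 0
/dev/root / ext2 ro,nosuid 0 0
proc /proc proc rw,nosuid,nodev,noexec 0 0
tmpfs /ramdisk tmpfs rw,nosuid,nodev 0 0
tmpfs /home tmpfs rw,nosuid 0 0
/dev/sda1 /media/stick ext2 rw,sync 0 0
/dev/hda1 /mnt/hda1 ext3 rw,nodev 0 0
EOF
}

# Demo on the constructed sample; on a live system use:
#   mounts_without_nosuid < /proc/mounts
sample_mounts | mounts_without_nosuid
```

An empty result means every effective mount carries nosuid; any path printed is a filesystem where a setuid binary would still run with its owner's privileges.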


