
Re: harden-clients idea



On Wed, 9 Oct 2002, Jean-Francois Dive wrote:

> I reckon that the real point is: if your users have access to the network
> from their account with whatever tools or have access to an editor and gcc,
> all of your efforts are gone: just need to use your own copy of whatever_tool_they_like.

If you really want to harden against this kind of threat, then take a look at
rsbac (www.rsbac.org). As of version 1.2 there is support for network
access control.

RSBAC is designed to control access to programs (system calls). So it is
possible to define a set of rules that allow some programs used by some
people. Programs they compile themselves (why not deny them access to
make/cc/gcc/etc.) aren't going to run because you didn't define it.

Greetings,

Richard.

----
Paul Vixie in an interview with Sendmail.net:

Now that the Internet has the full spectrum of humanity as users,
the technology is showing its weakness: it was designed to be
used by friendly, smart people. Spammers, as an example of a class,
are neither friendly nor smart.


