harden-clients idea

To: debian-security@lists.debian.org
Subject: harden-clients idea
From: Kjetil Kjernsmo <kjetil@kjernsmo.net>
Date: Tue, 8 Oct 2002 12:47:32 +0200
Message-id: <[🔎] 200210081247.32167.kjetil@kjernsmo.net>

Hi folks!

I just had an idea the other, er..., night, that still seemed smart when 
I woke up, so I figured I'll post it here in case it is... :-)

The problem with e.g. telnet isn't really that it shouldn't be used for 
anything, but that it shouldn't be used by somebody. It is quite OK to 
use to check what the webserver responds to a particular request, for 
example. But, you wouldn't want ma to use it and send her password in 
cleartext.

What I did was that I changed group ownership of /usr/bin/telnet.netkit 
to staff and made it executable for only root and staff. I figured, 
something like that could harden-clients do too, configurable through 
standard means. 

That way, people with correct privileges could still use telnet for 
sensible things, yet the admin would be warned if they did something 
very careless with other packages. 

Clever? :-)

(I'm not currently subscribed to this list, please keep me on the CC)

Best,

Kjetil
-- 
Kjetil Kjernsmo
Astrophysicist/IT Consultant/Skeptic/Ski-orienteer/Orienteer/Mountaineer
kjetil@kjernsmo.net  webmaster@skepsis.no  editor@learn-orienteering.org
Homepage: http://www.kjetil.kjernsmo.net/

Reply to:

Follow-Ups:
- Re: harden-clients idea
  - From: martin f krafft <madduck@debian.org>
- Re: harden-clients idea
  - From: Peter Cordes <peter@llama.nslug.ns.ca>
- Re: harden-clients idea
  - From: Jean-Francois Dive <jef@linuxbe.org>

Prev by Date: Re: Probem with openssh and pam modules
Next by Date: Re: harden-clients idea
Previous by thread: OT: Re: cmon people
Next by thread: Re: harden-clients idea
Index(es):
- Date
- Thread