[luau] restricting directory access

Warren Togami warren at togami.com
Fri Apr 26 18:26:22 PDT 2002


----- Original Message -----
From: "Jimen Ching" <jching at flex.com>
To: <luau at videl.ics.hawaii.edu>
Sent: Friday, April 26, 2002 10:15 AM
Subject: Re: [luau] restricting directory access


> On Thu, 25 Apr 2002, Warren Togami wrote:
> >> What can a user do with a shell account without access to outside of their
> >> home directory?
> >Plenty.  They can poke around the filesystem looking for local root
> >exploits,
>
> If they can't cd out of their home directory, unless the admin allowed
> this user to install some tool that has a root exploit, I doubt this user
> can do much.

Doing this is currently not possible in the Unix security model.  The shell
and all the tools one would expect to use normally in a shell need to be
executable, along with many default config files that must be read by those
tools.  Chrooting the home directory away from the users would lock these
away from the user.  Mandatory access control ACLs would improve this
situation somewhat, but there are several competing MAC implementations for
Linux, all of which are incompatible.





