Re: <no subject>
On Wed, Jul 25, 2001 at 11:53:29AM -0400, Michael wrote:
> >>> wichert@wiggy.net wrote a 0.5KB message. i replied ..........................
> > Previously B.C.J.O wrote:
> > > I had assumed that this list had died.
> >
> > It seems to refuse to die :)
>
> I don't see any particular reason why the list should die..
>
> Here's a topic:
>
> What are your favorite home-grown hardening techniques?
>
> By home-grown, I mean that you're not just downloading bastille..
> I'm thinking about serious do-it-yourselfness..
We're using restrict (http://www.balabit.hu/downloads/restrict/) to force
programs into a chrooted jail.
It is a preloadable shared object, running before main() of the program to
be run. It is capable of changing the uid/gid, secondary groups, chroot dir,
and capabilities of the program. (Yes, it is possible to run a program as
non-root with some capabilities.)
--
Bazsi
PGP info: KeyID 9AF8D0A9 Fingerprint CD27 CFB0 802C 0944 9CFD 804E C82C 8EB1
-
Securedistros: A common list for all secured Linux distributions
Archive: http://mail.nl.linux.org/spamfilter/
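
Added example, not part of the original post and not restrict's own code: a small preload object in C showing the mechanism described in the reply above, a constructor that runs before main() and applies the chroot, group and uid changes. The JAIL_* environment variables and the paths are assumptions made for illustration, and capability handling is left out.

```c
/* jail.c: build with  cc -shared -fPIC -o jail.so jail.c
 * run as root:  JAIL_ROOT=/srv/jail JAIL_UID=1001 JAIL_GID=1001 LD_PRELOAD=./jail.so prog
 * The JAIL_* names and paths are hypothetical, not restrict's own interface. */
#define _GNU_SOURCE 1
#include <errno.h>
#include <grp.h>
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>

struct jail { const char *root; uid_t uid; gid_t gid; };

/* Parse a decimal id; reject empty input, signs, trailing junk and 0 (root). */
static int parse_id(const char *s, unsigned long *out) {
    char *end;
    if (!s || *s < '0' || *s > '9') return -1;
    errno = 0;
    *out = strtoul(s, &end, 10);
    if (errno || *end != '\0' || *out == 0 || *out > 0xfffffffeUL) return -1;
    return 0;
}

/* Validate settings: absolute jail path, non-root uid and gid. */
int jail_parse(const char *root, const char *uid, const char *gid, struct jail *j) {
    unsigned long u, g;
    if (!root || root[0] != '/') return -1;
    if (parse_id(uid, &u) || parse_id(gid, &g)) return -1;
    j->root = root; j->uid = (uid_t)u; j->gid = (gid_t)g;
    return 0;
}

/* Order matters: chroot needs root, so the uid is dropped last. */
int jail_enter(const struct jail *j) {
    if (chroot(j->root) || chdir("/")) return -1;   /* chdir closes the cwd escape */
    if (setgroups(1, &j->gid)) return -1;           /* clear secondary groups */
    if (setgid(j->gid) || setuid(j->uid)) return -1;
    return setuid(0) == 0 ? -1 : 0;                 /* regaining root must fail */
}

/* Called by the dynamic loader before the program's main(). */
__attribute__((constructor)) static void jail_init(void) {
    struct jail j;
    const char *root = getenv("JAIL_ROOT");
    if (!root) return;                              /* not configured: do nothing */
    if (jail_parse(root, getenv("JAIL_UID"), getenv("JAIL_GID"), &j) || jail_enter(&j)) {
        fprintf(stderr, "jail: setup failed, refusing to run\n");
        _exit(111);                                 /* fail closed */
    }
}
```

LD_PRELOAD only affects dynamically linked programs, so a statically linked binary started this way runs unconfined.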