FreeBSD and User Security
v.velox at vvelox.net
Sat Jun 14 22:39:21 UTC 2008
On Wed, 11 Jun 2008 22:25:32 +0200
David Naylor <naylor.b.david at gmail.com> wrote:
> Hi All,
> Today I read an article describing how my government had lost
> ZAR200 000 000 from fraud. This is just under $25 000 000. The
> article credited this loss largely due to the use of spyware.
> My question is how secure is FreeBSD (including KDE, GNOME and
> XFCE) to attacks, including cracking and spyware. In addition, is
> there anyway to prevent a user from executing a program that is not
> owned by root (i.e. any program installed by the user), this would
> prevent spyware being installed (assuming root has been properly
> locked down) and subsequently run.
Ugidfw(8) can be used to help with the executable stuff. The same is
true for using a restricted shell. The important thing is making sure
to make sure the user can't execute any thing other than the few
commands they are suppose to. If allowed access to execute any thing
in a system bin/sbin path, you begin to run into issues with
interpreters, which are as good as being able to execute something
owned by them. You can remove permissions to access them, but that
strikes me as beginning to get a bit hairy in the long run.
More information about the freebsd-questions