Date: Mon, 2 Mar 2009 14:21:16 +0900 From: Daniel Marsh <jahilliya@gmail.com> To: Paige Thompson <erratic@devel.ws>, freebsd-security@freebsd.org Subject: Re: Trusted Path Execution Message-ID: <ba5e78ea0903012121l6e43c599ge9326eee62c2011c@mail.gmail.com> In-Reply-To: <5061b39c0903012023hf4a3ccbw886760bdd795f71c@mail.gmail.com> References: <5061b39c0903012023hf4a3ccbw886760bdd795f71c@mail.gmail.com>
next in thread | previous in thread | raw e-mail | index | archive | help
1 set the noexec mount option on any filesystem that you don't want executanles running on. 2 use acls to prevent execution of files, the bsd Mac framework is the way to go Ie remove executable bit on all files for everyone and leave hoe owner and group then add users to the necessary groups Only issue is monitoring newly created files and the bits set, default umask can help Regards Daniel Regards Daniel On 3/2/09, Paige Thompson <erratic@devel.ws> wrote: > I would like to know that there is or is not a way to prevent users from > executing binaries that are not owned by root or that the user is in a > particular group. Is this something I can achieve with TrustedBSD's MAC > framework? > _______________________________________________ > freebsd-security@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-security > To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org" > -- Sent from my mobile device http://buymeahouse.stiw.org/
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?ba5e78ea0903012121l6e43c599ge9326eee62c2011c>