Date:      Tue, 13 Jan 2004 12:43:09 +0000
From:      Matthew Seaman <matthew@cryptosphere.com>
To:        Jefferson San Juan <Jefferson.San.Juan@hiMolde.no>
Cc:        freebsd-questions@freebsd.org
Subject:   Re: binary execute restrictions
Message-ID:  <20040113124309.GD23956@happy-idiot-talk.infracaninophile.co.uk>
In-Reply-To: <000d01c3d980$5521b6e0$5858269e@JANELLE>
References:  <000d01c3d980$5521b6e0$5858269e@JANELLE>



On Tue, Jan 13, 2004 at 03:52:49AM +0100, Jefferson San Juan wrote:
> How do I restrict normal users from executing their own compiled executable
> binary files?
> I use FreeBSD 4.9.

This is actually a very difficult problem: FreeBSD is designed to let
people run executables, not to stop them doing that...

Put all of the user home directories on a separate partition which you
mount with the noexec flag.

Make sure that the users have no write access to anywhere outside
their home directories.  This includes the various world writable
temporary directories /tmp, /var/tmp, etc.  However, not permitting
users to write files in /tmp or /var/tmp will lead to much wailing and
gnashing of teeth, because a lot of applications are going to break.

Investigate setting the TMPDIR environment variable either from
/etc/login.conf or else from /etc/csh.login (for tcsh(1) users) or
/etc/profile (for bash(1) or sh(1) users) to ameliorate that.  If you
set TMPDIR=${HOME}/tmp each user can have their own private temporary
area under their home directory.  Note however that this only has an
advisory effect: not all applications will obey $TMPDIR.

You can mount the shared temporary directories noexec -- which will
work exceedingly well 99.9% of the time.  Investigate mounting /tmp
as a memory filesystem -- see mount_mfs(8) -- as a good way to do
that.  Symlink other shared temporary areas to your memory filesystem
if you don't want to have more than one.  Nb. One occasion doing this
will definitely cause problems is when you are updating your system by
'make installworld' -- however that is a sufficiently uncommon event
that you can feasibly do a temporary remount of /tmp without noexec in
that case.

Even so, a determined user could probably still work out ways to get
an executable executed, but they'd have to put some effort into
working out how.

	Cheers,

	Matthew

-- 
Dr Matthew J Seaman MA, D.Phil.                       26 The Paddocks
                                                      Savill Way
PGP: http://www.infracaninophile.co.uk/pgpkey         Marlow
Tel: +44 1628 476614                                  Bucks., SL7 1TH UK
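A small audit script for the policy described in the reply above (home directories and shared temporary areas on noexec mounts), added here as an example and not part of the original message. The mount(8) output is constructed, and the /home, /tmp and /var/tmp layout is an assumption.

```shell
#!/bin/sh
# Check that the directories the policy covers are backed by noexec mounts.
# Constructed mount(8) output for a FreeBSD 4.x-style host (sample data only).
SAMPLE_MOUNTS='/dev/ad0s1a on / (ufs, local)
/dev/ad0s1e on /home (ufs, local, noexec, nosuid, soft-updates)
/dev/ad0s1d on /var (ufs, local, soft-updates)
mfs:22 on /tmp (mfs, asynchronous, local, nosuid)'

# Directories the policy requires to be noexec (assumed layout).
MUST_NOEXEC="/home /tmp /var/tmp"

# is_noexec MOUNT_OUTPUT DIR
# Find the mount that actually backs DIR: the longest mount point that is DIR
# itself or an ancestor of it (so /var/tmp is judged by /var unless it has a
# mount of its own).  Succeed only if that mount carries the noexec option.
is_noexec() {
    printf '%s\n' "$1" | awk -v dir="$2" '
        BEGIN { best = -1; opts = "" }
        {
            mp = $3
            if (mp == dir || mp == "/" || index(dir, mp "/") == 1) {
                if (length(mp) > best) {
                    best = length(mp)
                    opts = $0
                    sub(/^[^(]*\(/, "", opts)   # strip "device on mountpoint ("
                    sub(/\)$/, "", opts)        # strip the closing ")"
                }
            }
        }
        END { if ((", " opts ",") ~ /, noexec,/) exit 0; exit 1 }'
}

# audit_noexec MOUNT_OUTPUT
# Print the policy directories whose backing mount lacks noexec and exit 1 if
# there are any.  On a live system run it as: audit_noexec "$(mount)"
audit_noexec() {
    missing=""
    for dir in $MUST_NOEXEC; do
        is_noexec "$1" "$dir" || missing="$missing $dir"
    done
    printf '%s\n' "${missing# }"
    [ -z "$missing" ]
}

audit_noexec "$SAMPLE_MOUNTS" && echo "all policy directories are noexec" \
    || echo "the areas listed above need a noexec mount (or a symlink into one)"
```

With the sample data the script reports /tmp and /var/tmp: the memory filesystem on /tmp was mounted nosuid but not noexec, and /var/tmp inherits the plain /var mount.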

