Some other questions & thoughts on this subject...
(1) What ever became of sudo? I remember it being plagued with some
problems in the past. Has this become a reasonable alternative to give
non-privileged users the ability to execute privileged commands?
(2) CERT has source code for a "noshell" program for Solaris at:
http://www.cert.org/security-improvement/implementations/i049.02.html
I'm sure it can ported relatively easily.
(3) If you are REALLY serious about preventing privilege escalation, and
don't mind a little kernel hacking, you probably also want to be aware of
some of the "Trusted" OS projects.
SE Linux (compliments of our tax dollars):
http://www.nsa.gov/selinux/index.html
and TrustedBSD:
http://www.trustedbsd.org
These are not to be taken lightly. They are still in development but pose
an interesting solution to many of the core Unix security problems.
Cheers.
-Nicole
_________________________________________________________________
MSN 8: advanced junk mail protection and 3 months FREE*.
http://join.msn.com/?page=features/junkmail&xAPID=42&PS=47575&PI=7324&DI=7474&SU=
http://www.hotmail.msn.com/cgi-bin/getmsg&HL=1216hotmailtaglines_advancedjmf_3mf
- RE: User?s and Shells Small, Jim
- Re: User?s and Shells Nicole Nicholson
- Re: User?s and Shells Jason Bowman
