Re: [expert] A modest security idea for new distribution

2000-06-03 Thread Grzegorz Staniak

Denis HAVLIK wrote:

[...]

> :~>What I mean is a smallish graphic utility somewhere on the Mandrake
> :~>desktop (it would be great if someone added this to graphic filemanagers
> :~>too) that would let the user to, say, 'lock/seal/secure this
> :~>directory/file' by removing write access (dirs) and executing 'chattr
> :~>+i' (files) through a graphic 'su' wrapper (ksu/gsu). In a graphic
> :~>manager, such directories/files could be marked in a special way.
> :~>
> :~>Access rights prevent the hypothetical virus from destroying the whole
> :~>system, but what counts most for a user is his own data, after all. A
> :~>tool like above (or a filemanager feature) would IMVHO go a way towards
> :~>avoiding data loss catastrophes, not only virii-related - a mistyped
> :~>'rm -f' would also be less dangerous that way. All it would take would
> :~>be for the user to 'lock' those directories they can't afford to lose.
> :~>
> :~>What do you think?
> 
> Would not help you much. What WOULD help is having all programs started
> from mail programs chrooted to somewhere where they cannot do any damage.

That's OK for e-mail attachments, but the locking thingy would be more
general. I've had a few accidents so far with an imprudent use of 'rm'
('mc' has this bug that sometimes there's a problem with the sub-shell
you get by hitting 'Ctrl-o' - the prompt is not visible, and the 'pwd'
is not what was in the panel). In one case a FAT partition was involved
- tough luck, twelve hours of advanced data recovery training. But in
the case of ext2 partitions, I still think the 'sealer' could be useful
for a typical home user (I can always do exactly the same from
command-line). And of course it doesn't exclude the sandbox for e-mail
attachments in any way, we can have both - too many security options is
not a problem.
 
> Dr. Denis Havlik

-- 
Grzegorz Staniak <[EMAIL PROTECTED]>




Re: [expert] A modest security idea for new distribution

2000-06-02 Thread Denis HAVLIK

:~>Could you expand on this "chrooted" operation, or at least tell me
:~>where I can RTFM ?? 
:~>vern

Sorry, I thought everyone knows this...

[root@localhost denis]# rpm -qf `which chroot `
sh-utils-2.0-6mdk

man page:

CHROOT(1)  FSF  CHROOT(1)

NAME
   chroot  -  run  command  or interactive shell with special
   root directory

...

SEE ALSO
   The  full documentation for chroot is maintained as a Texinfo
   manual.  If the info and chroot programs are properly
   installed at your site, the command

  info chroot

   should give you access to the complete manual.

info:

File: sh-utils.info,  Node: chroot invocation,  Next: env invocation,
Up: Modified command invocation

`chroot': Run a command with a different root directory
=======================================================

   `chroot' runs a command with a specified root directory.  On many
systems, only the super-user can do this.  Synopses:

 chroot NEWROOT [COMMAND [ARGS]...]
 chroot OPTION

   Ordinarily, filenames are looked up starting at the root of the
directory structure, i.e., `/'.  `chroot' changes the root to the
directory NEWROOT (which must exist) and then runs COMMAND with
optional ARGS.  If COMMAND is not specified, the default is the value
of the `SHELL' environment variable or `/bin/sh' if not set, invoked
with the `-i' option.

   The only options are `--help' and `--version'.  *Note Common
options::.

etc. In my opinion, chroot may be a nice way to fool any future viruses or
trojans. Drawback is that you actually have to install whatever is needed
to read your attachments below this directory, which means that you need
a lot of space for it - it is like having a (subset of) distribution
installed twice. On the other hand, whatever a virus/trojan does it will
do to this "second" system, where it doesn't bother you because it can be
easily detected and repaired, and does not interfere with working of the
system!   

If space on the HD is not a problem, this is absolutely the best way to deal
with executing mail attachments.

cu
Denis
:~>
:~>Denis HAVLIK wrote:
:~>
:~>> Would not help you much. What WOULD help is having all programs started
:~>> from mail programs chrooted to somewhere where they cannot do any damage.
:~>> 
:~>> my 2c
:~>> 
:~>> Denis
:~>> --
:~>> -
:~>> Dr. Denis Havlik
:~>> Mandrakesoft||| e-mail: [EMAIL PROTECTED]
:~>> Quality Assurance  (@ @)(private: [EMAIL PROTECTED])
:~>> ---oOO--(_)--OOo-
:~>> Hi! I'm a .signature virus! Copy me into your ~/.signature to help me
:~>> spread! ([EMAIL PROTECTED])
:~>

-- 
-
Dr. Denis Havlik
Mandrakesoft||| e-mail: [EMAIL PROTECTED]
Quality Assurance  (@ @)(private: [EMAIL PROTECTED])
---oOO--(_)--OOo-
Hi! I'm a .signature virus! Copy me into your ~/.signature to help me
spread! ([EMAIL PROTECTED])
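The "second system below a directory" that Denis describes, as an added shell example that is not part of the thread and not a Mandrake tool: add_binary copies a viewer and the libraries ldd reports into the jail, and run_viewer executes it there via chroot(1). Function names, the default NEWROOT path and the 65534:65534 uid:gid are this example's own assumptions. chroot(1) itself needs root; --userspec is a GNU coreutils option that did not exist in the sh-utils package quoted above, and it matters: a process that stays root inside a chroot can leave it again, so the viewer must be dropped to an unprivileged user after the chroot.

```shell
#!/bin/sh
# Added example, not from the thread: build a small second "system" below
# NEWROOT and run an attachment viewer chrooted into it. Function names and
# the default NEWROOT path are this example's own assumptions.
set -u

NEWROOT=${NEWROOT:-/var/lib/mailjail}   # assumed location of the jail

# Copy a program plus every shared library ldd reports into NEWROOT,
# keeping the original paths so the dynamic loader finds them there.
# Viewers also need their data files (terminfo, fonts, ...) copied the
# same way; that is the "subset of a distribution installed twice".
add_binary() {
    bin=$(command -v "$1") || { echo "add_binary: $1 not found" >&2; return 1; }
    mkdir -p "$NEWROOT$(dirname "$bin")"
    cp -p "$bin" "$NEWROOT$bin"
    # ldd lines look like "libc.so.6 => /lib/libc.so.6 (0x...)" or
    # "/lib64/ld-linux-x86-64.so.2 (0x...)"; keep the absolute paths only.
    ldd "$bin" 2>/dev/null | awk '{ for (i = 1; i <= NF; i++) if ($i ~ /^\//) print $i }' |
    while read -r lib; do
        [ -f "$lib" ] || continue
        mkdir -p "$NEWROOT$(dirname "$lib")"
        cp -p "$lib" "$NEWROOT$lib"
    done
}

# True if PATH (as seen from inside the jail) exists there and is executable.
jail_has() {
    [ -x "$NEWROOT$1" ]
}

# Run VIEWER (absolute path inside the jail) on ATTACHMENT, chrooted and
# switched to the numeric uid:gid UGID (65534 is "nobody" on most systems).
# Numeric ids avoid needing /etc/passwd inside the jail. Without the switch
# the sandbox is worthless: root inside a chroot can escape it.
run_viewer() {
    viewer=$1; attachment=$2; ugid=${3:-65534:65534}
    [ "$(id -u)" -eq 0 ] || { echo "run_viewer: chroot needs root" >&2; return 1; }
    name=$(basename "$attachment")
    mkdir -p "$NEWROOT/tmp" && chmod 1777 "$NEWROOT/tmp"
    cp "$attachment" "$NEWROOT/tmp/$name" && chmod 644 "$NEWROOT/tmp/$name"
    chroot --userspec="$ugid" "$NEWROOT" "$viewer" "/tmp/$name"
}

# Typical use as root: add_binary sh; add_binary less;
#                      run_viewer /usr/bin/less ~/Mail/attach.txt
```

Building the tree works as any user, which is what the test exercises; only run_viewer needs root. Note what a chroot does not do: the viewer still has the network, can still read everything inside the jail, and if the kernel's /proc or a setuid binary is available below NEWROOT the jail is weaker still, so keep the copied tree minimal.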




Re: [expert] A modest security idea for new distribution

2000-06-02 Thread vern

Could you expand on this "chrooted" operation, or at least tell me
where I can RTFM ?? 
vern

Denis HAVLIK wrote:

> Would not help you much. What WOULD help is having all programs started
> from mail programs chrooted to somewhere where they cannot do any damage.
> 
> my 2c
> 
> Denis
> --
> -
> Dr. Denis Havlik
> Mandrakesoft||| e-mail: [EMAIL PROTECTED]
> Quality Assurance  (@ @)(private: [EMAIL PROTECTED])
> ---oOO--(_)--OOo-
> Hi! I'm a .signature virus! Copy me into your ~/.signature to help me
> spread! ([EMAIL PROTECTED])





Re: [expert] A modest security idea for new distribution

2000-06-02 Thread Denis HAVLIK

:~>Hi,
:~>
:~>I've been reading all the security info on Outlook virii recently,
:~>installing procmail traps for my users, and discussing with friends the
:~>possibility of such threats appearing on Linux (and unices in general).
:~>While the probability of somebody writing an e-mail client that would
:~>launch executables with a single click is (hopefully) a remote one, and
:~>it really takes some effort and a lot of stupidity to use '/bin/sh' as
:~>your Netscape viewer for 'application/x-sh', it seems certain that at
:~>some time in the future Linux will be the target of virus attacks of
:~>sorts. Now, I think one could try (apart from educating users and
:~>avoiding risky 'features' in programs) to help users make their valuable
:~>data more secure by using ext2 file attributes and Linux access rights.
:~>What I mean is a smallish graphic utility somewhere on the Mandrake
:~>desktop (it would be great if someone added this to graphic filemanagers
:~>too) that would let the user to, say, 'lock/seal/secure this
:~>directory/file' by removing write access (dirs) and executing 'chattr
:~>+i' (files) through a graphic 'su' wrapper (ksu/gsu). In a graphic
:~>manager, such directories/files could be marked in a special way. 
:~>
:~>Access rights prevent the hypothetical virus from destroying the whole
:~>system, but what counts most for a user is his own data, after all. A
:~>tool like above (or a filemanager feature) would IMVHO go a way towards
:~>avoiding data loss catastrophes, not only virii-related - a mistyped
:~>'rm -f' would also be less dangerous that way. All it would take would
:~>be for the user to 'lock' those directories they can't afford to lose.
:~>
:~>What do you think?

Would not help you much. What WOULD help is having all programs started
from mail programs chrooted to somewhere where they cannot do any damage.

my 2c

Denis
-- 
-
Dr. Denis Havlik
Mandrakesoft||| e-mail: [EMAIL PROTECTED]
Quality Assurance  (@ @)(private: [EMAIL PROTECTED])
---oOO--(_)--OOo-
Hi! I'm a .signature virus! Copy me into your ~/.signature to help me
spread! ([EMAIL PROTECTED])




[expert] A modest security idea for new distribution

2000-06-01 Thread Grzegorz Staniak

Hi,

I've been reading all the security info on Outlook virii recently,
installing procmail traps for my users, and discussing with friends the
possibility of such threats appearing on Linux (and unices in general).
While the probability of somebody writing an e-mail client that would
launch executables with a single click is (hopefully) a remote one, and
it really takes some effort and a lot of stupidity to use '/bin/sh' as
your Netscape viewer for 'application/x-sh', it seems certain that at
some time in the future Linux will be the target of virus attacks of
sorts. Now, I think one could try (apart from educating users and
avoiding risky 'features' in programs) to help users make their valuable
data more secure by using ext2 file attributes and Linux access rights.
What I mean is a smallish graphic utility somewhere on the Mandrake
desktop (it would be great if someone added this to graphic filemanagers
too) that would let the user to, say, 'lock/seal/secure this
directory/file' by removing write access (dirs) and executing 'chattr
+i' (files) through a graphic 'su' wrapper (ksu/gsu). In a graphic
manager, such directories/files could be marked in a special way. 

Access rights prevent the hypothetical virus from destroying the whole
system, but what counts most for a user is his own data, after all. A
tool like above (or a filemanager feature) would IMVHO go a way towards
avoiding data loss catastrophes, not only virii-related - a mistyped
'rm -f' would also be less dangerous that way. All it would take would
be for the user to 'lock' those directories they can't afford to lose.

What do you think?

-- 
Grzegorz Staniak <[EMAIL PROTECTED]>
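The 'lock/seal' idea from the post above, as an added command-line example that is not part of the original post and not any Mandrake desktop tool (the graphic wrapper would just call something like this through su). lock_tree, unlock_tree, dir_mode and demo are this example's own names. The point it makes concrete: unlink(), rename() and creat() need write permission on the containing directory, not on the file, so 'chmod a-w' on every directory in the tree is what stops a mistyped 'rm -f'. It also stops the owner from saving new files there until the tree is unlocked, which is the price of the seal. Root ignores these permission bits, which is where 'chattr +i' on the files comes in; setting it needs root (hence the su wrapper) and an ext2-family filesystem, and the script says so instead of failing silently.

```shell
#!/bin/sh
# Added example, not from the thread: a command-line version of the
# 'lock/seal' idea. lock_tree, unlock_tree, dir_mode and demo are this
# example's own names. Needs GNU stat/find (Linux); chattr needs root and
# an ext2-family filesystem and is skipped with a message otherwise.
set -u

# Octal permission bits of a path, e.g. 755.
dir_mode() {
    stat -c %a "$1"
}

# Seal DIR: directories lose all write bits, so nothing below them can be
# unlinked, renamed or created; regular files get the immutable attribute,
# which even root must clear with 'chattr -i' before changing the file.
lock_tree() {
    dir=$1
    [ -d "$dir" ] || { echo "lock_tree: $dir is not a directory" >&2; return 1; }
    find "$dir" -type d -exec chmod a-w {} +
    if [ "$(id -u)" -eq 0 ]; then
        find "$dir" -type f -exec chattr +i {} + 2>/dev/null ||
            echo "lock_tree: chattr +i failed (not an ext2-family filesystem?)" >&2
    else
        echo "lock_tree: not root, directory permissions only (no chattr +i)" >&2
    fi
}

# Undo lock_tree. Only the owner's write bit comes back; group/other write
# was never wanted on private data anyway.
unlock_tree() {
    dir=$1
    [ -d "$dir" ] || { echo "unlock_tree: $dir is not a directory" >&2; return 1; }
    if [ "$(id -u)" -eq 0 ]; then
        find "$dir" -type f -exec chattr -i {} + 2>/dev/null || true
    fi
    find "$dir" -type d -exec chmod u+w {} +
}

# Walkthrough on a throwaway tree: seal it, try 'rm -f', unseal, clean up.
demo() {
    top=$(mktemp -d)
    mkdir "$top/thesis"
    echo "chapter 1" > "$top/thesis/ch1.txt"
    lock_tree "$top/thesis"
    if rm -f "$top/thesis/ch1.txt" 2>/dev/null; then
        echo "rm -f succeeded (root bypasses directory permissions and chattr did not apply)"
    else
        echo "rm -f refused: $top/thesis/ch1.txt survived (directory not writable or file immutable)"
    fi
    ls -ld "$top/thesis"
    unlock_tree "$top/thesis"
    rm -r "$top"
}

# Run with the single argument 'demo' to see the walkthrough.
case "${1:-}" in demo) demo ;; esac
```

One caveat worth stating: the directory bits protect against the owner's own mistakes and against anything running as that user, which is exactly the mail-client case; they do nothing against root, and the 'mc' sub-shell accident on a FAT partition mentioned later in the thread is out of reach for both mechanisms, since FAT has neither Unix permissions nor ext2 attributes.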