[944] in linux-security and linux-alert archive
Re: Fwd: [linux-security] security idea
daemon@ATHENA.MIT.EDU (Ian Goldberg)
Wed Jul 24 06:33:21 1996
To: linux-security@tarsier.cv.nrao.edu
From: iang@cs.berkeley.edu (Ian Goldberg)
Date: 23 Jul 1996 13:44:53 -0700
-----BEGIN PGP SIGNED MESSAGE-----
In article <Ylume_y00YUz0POG40@andrew.cmu.edu>,
Cosimo Leipold <leipold+@andrew.cmu.edu> wrote:
>You could change some setuid programs to
>exclude access for this one person. This could be done by making them
>group executable and then simply having only that group execute it, but
>including everyone but one user seems to be a pain.
In /etc/group:
lusers::6969:lightman,mitnick
Your programs:
-r-s---r-x 1 root lusers 9397 Aug 8 1995 /usr/bin/traceroute
(Make sure your "newgrp" program doesn't drop your supplementary groups...)
- Ian
-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
iQCVAwUBMfU5q0ZRiTErSPb1AQF44gQAn5vmKNjjvcBOJoVA0ibfFEJWyvwSRbe1
TyCJ9UGayREJrIVOdyCAj/7Y+2QjO3qgb25B3ItxuHgQXgHLmBL7nVCvtggsOs47
w/SsDOOVOaNhvF5b4DTCN2XIhnyQSpOiEnulGU4gFZlPKpFWOZhZ7Qiv/FV0j13Z
SJrzbBQ9zpc=
=lS7Q
-----END PGP SIGNATURE-----