[944] in linux-security and linux-alert archive

home help back first fref pref prev next nref lref last post

Re: Fwd: [linux-security] security idea

daemon@ATHENA.MIT.EDU (Ian Goldberg)
Wed Jul 24 06:33:21 1996

To: linux-security@tarsier.cv.nrao.edu
From: iang@cs.berkeley.edu (Ian Goldberg)
Date: 23 Jul 1996 13:44:53 -0700

-----BEGIN PGP SIGNED MESSAGE-----

In article <Ylume_y00YUz0POG40@andrew.cmu.edu>,
Cosimo Leipold  <leipold+@andrew.cmu.edu> wrote:
>You could change some setuid programs to
>exclude access for this one person. This could be done by making them
>group executable and then simply having only that group execute it, but
>including everyone but one user seems to be a pain.

In /etc/group:

 lusers::6969:lightman,mitnick

Your programs:

 -r-s---r-x   1 root     lusers       9397 Aug  8  1995 /usr/bin/traceroute


(Make sure your "newgrp" program doesn't drop your supplementary groups...)

   - Ian

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMfU5q0ZRiTErSPb1AQF44gQAn5vmKNjjvcBOJoVA0ibfFEJWyvwSRbe1
TyCJ9UGayREJrIVOdyCAj/7Y+2QjO3qgb25B3ItxuHgQXgHLmBL7nVCvtggsOs47
w/SsDOOVOaNhvF5b4DTCN2XIhnyQSpOiEnulGU4gFZlPKpFWOZhZ7Qiv/FV0j13Z
SJrzbBQ9zpc=
=lS7Q
-----END PGP SIGNATURE-----


home help back first fref pref prev next nref lref last post