Re: [FW1] OT: harden solaris
Thank you very much for pointing this out, my bad :)

cheers,
Alexander

Chris Arnold <[email protected]> writes:

> Loopback filesystems are available under Solaris 2.6, 7 and 8. They're
> quite useful really especially in chroot environments.
>
> root@impunity: / +> mount
> ...
> /export/home on /dev/dsk/c0t3d0s4
> read/write/setuid/intr/largefiles/onerror=panic/dev=80001c on Thu Apr 19
> 14:03:49 2001
> ...
> root@impunity: / +> mkdir /tmp/a
> root@impunity: / +> mount -F lofs /export/home /tmp/a
> root@impunity: / +> cd /tmp/a
>
> Chris
>
> -----Original Message-----
> From: Alexander Hoogerhuis [mailto:[email protected]]
> Sent: Monday, April 16, 2001 6:05 PM
> To: Hartmann, Josef
> Cc: [email protected]
> Subject: Re: [FW1] OT: harden solaris
>
> As far as I know Solaris 2.[678] doesn't support mounting any kind of
> loopback fs. Feel free to flame me if I am very wrong on this
> point. :)
>
> Apart from that, there are two ways to do this that should be acceptably
> secure:
>
> a) use something like /usr/local/bin owned by root:sys with r-x for
> owner only, and have statically linked binaries of whatever you need
> in here.
>
> b) (my favourite) Always have /root as homedir for root and owned by
> root:sys, and permissions rwx for owner only. Under here you have your
> own /root/bin, again with things statically linked so there are no
> external dependencies.
>
> Both of these assume it is only root that needs to execute these
> commands, but it could be modified by using a group in the
> /usr/local/bin case to include more users.
>
> Both of these can easily be implemented in the secure driver for
> jass-0.2 and quite possibly any other way of installing the machine.
>
> cheers,
> Alexander
>
> "Hartmann, Josef" <[email protected]> writes:
>
> > Hi,
> >
> > thinking about harden solaris but still having a few tools like gzip, snoop
> > etc. I am questioning if solaris can mount an encrypted file using loopback
> > device?
> >
> > Thanks
> > Josef
> >
> > ================================================================================
> > To unsubscribe from this mailing list, please see the instructions at
> > http://www.checkpoint.com/services/mailing.html
> > ================================================================================
>
> --
> Alexander Hoogerhuis
> FYI: perl -e 'print $i=pack(c5,(41*2),sqrt(7056),(unpack(c,H)-2),oct(115),10);'

--
Alexander Hoogerhuis
FYI: perl -e 'print $i=pack(c5,(41*2),sqrt(7056),(unpack(c,H)-2),oct(115),10);'
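An added example, not part of the thread: one way to audit a tool directory laid out as in options a) and b) above, checking that it is accessible to its owner only and that every file in it is a statically linked ELF binary. The function names are hypothetical, and treating any PT_INTERP or PT_DYNAMIC program header as "dynamically linked" is an assumption of this sketch.

```python
import os, stat, struct

PT_DYNAMIC, PT_INTERP = 2, 3  # program header types that imply runtime linking

def is_static_elf(data):
    """True if an ELF image has no PT_INTERP or PT_DYNAMIC program header."""
    if data[:4] != b"\x7fELF" or len(data) < 52:
        raise ValueError("not an ELF file")
    end = "<" if data[5] == 1 else ">"    # EI_DATA: 2 = big-endian (SPARC)
    try:
        if data[4] == 2:                  # EI_CLASS: ELF64
            phoff, = struct.unpack_from(end + "Q", data, 32)
            phentsize, phnum = struct.unpack_from(end + "HH", data, 54)
        else:                             # ELF32
            phoff, = struct.unpack_from(end + "I", data, 28)
            phentsize, phnum = struct.unpack_from(end + "HH", data, 42)
        types = [struct.unpack_from(end + "I", data, phoff + i * phentsize)[0]
                 for i in range(phnum)]
    except struct.error:
        raise ValueError("truncated ELF file")
    return PT_DYNAMIC not in types and PT_INTERP not in types

def audit_tool_dir(path, owner_uid=0):
    """Findings for a tool directory meant to be usable by its owner only."""
    findings = []
    st = os.stat(path)
    if st.st_uid != owner_uid:
        findings.append(f"{path}: owner uid {st.st_uid}, expected {owner_uid}")
    if stat.S_IMODE(st.st_mode) & 0o077:
        findings.append(f"{path}: group/other permission bits are set")
    for name in sorted(os.listdir(path)):
        full = os.path.join(path, name)
        if not stat.S_ISREG(os.lstat(full).st_mode):
            findings.append(f"{full}: not a regular file")
            continue
        with open(full, "rb") as fh:
            try:
                if not is_static_elf(fh.read()):
                    findings.append(f"{full}: dynamically linked")
            except ValueError:
                findings.append(f"{full}: not an ELF binary")
    return findings

def sample_elf32_be(p_types):
    """Constructed sample: big-endian ELF32 header plus bare program headers."""
    ident = b"\x7fELF" + bytes([1, 2, 1]) + bytes(9)
    hdr = struct.pack(">HHIIIIIHHHHHH", 2, 2, 1, 0, 52, 0, 0, 52, 32,
                      len(p_types), 0, 0, 0)
    return ident + hdr + b"".join(struct.pack(">I", t) + bytes(28) for t in p_types)
```

For the group variant mentioned in the thread, the `0o077` mask would be relaxed to `0o007` and the group id checked as well.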