Re: Did you know ...
>both the machines I implemented this on are "single" user systems (a
>laptop and my desktop at work). By "single" user I don't mean runlevel
>1, I mean they are not accepting connections from other machines (and
>nobody else in our internal network would have a clue on how to make a
>connection - not yet anyway), so I am the only person using these two
>machines at any given time.
Yeah, that is what I meant. If they are standalone, then it isn't
important. Well, it is, but not enough to make you fret about it.
>I will, however, be needing to implement this on our LTSP server with
>"local apps" enabled. Therefore, before I do that I will need to
>research security issues of "umask" (and also exec vs. noexec).
If anyone has access to the machine on a shell level this could be
something that could be a problem. A guy in my office here who is doing
the SANS/GIAC training right now says that 80% of break-ins are internally
done. You might also want to add the nosuid tag to those and the /home
mount options. Just a thought.
Tighe
--
Tighe Schlottog Sys Admin at large /emry\"@"/accessus.net\
ook ook
"Mr. Wizard, I think I'd rather be a coot than a hacker. Yeah, sure, every
now and then a giant pink-haired ape would come running after me and
chase me into the lake, but really, could it be that much worse? I'd have
a tiny little brain and wouldn't be expected to worry about anything."
-jwz from www.jwz.org
-
To unsubscribe, send email to majordomo@silug.org with
"unsubscribe silug-discuss" in the body.
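
The nosuid suggestion for /home (and the exec vs. noexec question in the quoted text) can be checked mechanically against an fstab. The shell sketch below is an added example, not part of the original message; the function names are hypothetical and the fstab lines are constructed sample data.

```shell
# Added example: function names and the sample fstab are constructed.
# effective_flags reduces an fstab options field to its suid/exec/dev state.
# Per mount(8): later options override earlier ones, "defaults" means
# suid,exec,dev, "user"/"users" imply nosuid,noexec,nodev, and
# "owner"/"group" imply nosuid,nodev.
effective_flags() {
    f_suid=suid; f_exec=exec; f_dev=dev
    old_ifs=$IFS; IFS=,
    for o in $1; do
        case $o in
            defaults)    f_suid=suid;   f_exec=exec;   f_dev=dev ;;
            user|users)  f_suid=nosuid; f_exec=noexec; f_dev=nodev ;;
            owner|group) f_suid=nosuid; f_dev=nodev ;;
            suid|nosuid) f_suid=$o ;;
            exec|noexec) f_exec=$o ;;
            dev|nodev)   f_dev=$o ;;
        esac
    done
    IFS=$old_ifs
    echo "$f_suid $f_exec $f_dev"
}

# Usage: missing_opts MOUNTPOINT WANT... < fstab
# Prints the wanted flags that are not in effect for MOUNTPOINT.
# Returns 0 if none are missing, 1 if some are, 2 if not listed.
missing_opts() {
    mp=$1; shift
    opts=$(awk -v mp="$mp" '$1 !~ /^#/ && $2 == mp { print $4; exit }')
    [ -n "$opts" ] || return 2
    eff=" $(effective_flags "$opts") "
    miss=
    for want in "$@"; do
        case $eff in *" $want "*) ;; *) miss="$miss $want" ;; esac
    done
    [ -z "$miss" ] && return 0
    echo "${miss# }"; return 1
}

sample_fstab() {   # constructed sample data, not from the original post
    cat <<'EOF'
/dev/hda1  /            ext3  defaults                      1 1
/dev/hda5  /home        ext3  defaults,nodev                1 2
/dev/hda6  /tmp         ext3  defaults,nosuid,noexec,nodev  1 2
/dev/fd0   /mnt/floppy  auto  noauto,user,exec              0 0
EOF
}

for m in /home /tmp /mnt/floppy; do
    if out=$(sample_fstab | missing_opts "$m" nosuid noexec nodev)
    then echo "$m: ok"; else echo "$m: missing $out"; fi
done
```

On a real machine the same function can read `/etc/fstab` (configured state) or `/proc/mounts` (what is actually mounted), since both use the same first four fields.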