From: Frank Shute
To: David Naylor
Cc: freebsd-questions@freebsd.org
Date: Thu, 12 Jun 2008 16:20:10 +0100
Subject: Re: FreeBSD and User Security
Message-ID: <20080612152010.GA7182@melon.esperance-linux.co.uk>
In-Reply-To: <200806112225.36221.naylor.b.david@gmail.com>

On Wed, Jun 11, 2008 at 10:25:32PM +0200, David Naylor wrote:
>
> Hi All,
>
> Today I read an article describing how my government had lost ZAR200 000 000
> from fraud. This is just under $25 000 000. The article credited this loss
> largely due to the use of spyware.
>
> My question is how secure is FreeBSD (including KDE, GNOME and XFCE) to
> attacks, including cracking and spyware. In addition, is there anyway to
> prevent a user from executing a program that is not owned by root (i.e. any
> program installed by the user), this would prevent spyware being installed
> (assuming root has been properly locked down) and subsequently run.
>
> If anyone, in addition, has answers for Linux and *BSD it would be great to
> know as well.

You might want to have a look at using a restricted shell for users.

I know bash & pdksh have a restricted mode. A quick look at the
manpages for sh & csh suggests they don't.

Bash and pdksh are in ports.

Can't tell you which is best as I haven't used either in restricted
mode.

>
> Best Regards
>
> David

Regards,

-- 
Frank

Contact info: http://www.shute.org.uk/misc/contact.html
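
The restricted mode mentioned in the reply above, as an added example that is not part of the original message: a script that runs commands under `bash -r` and reports which ones the shell refuses, including a program the user dropped in their own directory. The directory layout, `mytool` and the `rprobe`/`report` helpers are constructed for illustration, and it assumes bash is installed.

```shell
#!/bin/sh
# Added example (not from the original message): check what a restricted
# bash refuses. Assumes bash is installed; all paths below are constructed.

bash_bin=$(command -v bash)      # absolute path, because PATH is replaced below
probe_dir=$(mktemp -d)           # constructed stand-in for a user's home
trap 'rm -rf "$probe_dir"' EXIT

# The only directory on PATH holds vetted commands (here just ls).
mkdir "$probe_dir/bin"
ln -s "$(command -v ls)" "$probe_dir/bin/ls"

# A constructed "user-installed" program sitting in the home directory.
printf '#!/bin/sh\necho user-installed\n' > "$probe_dir/mytool"
chmod +x "$probe_dir/mytool"

# rprobe CMD: run CMD in a restricted bash, print "allowed" or "denied".
rprobe() {
    if (cd "$probe_dir" &&
        env -i HOME="$probe_dir" PATH="$probe_dir/bin" \
            "$bash_bin" -r -c "$1") >/dev/null 2>&1
    then echo allowed
    else echo denied
    fi
}

# report: one line per probe, verdict first.
report() {
    for cmd in 'ls' './mytool' 'mytool' "$probe_dir/mytool" \
               'PATH=$HOME:$PATH' 'cd /' 'ls > out.txt'
    do
        printf '%-8s %s\n' "$(rprobe "$cmd")" "$cmd"
    done
}

report
```

The restriction is only as tight as the commands placed on `PATH`, so the vetted directory should be root-owned and contain nothing that can start another shell.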