Date: Sat, 14 Jun 2008 17:40:39 -0500 From: "Zane C.B." <v.velox@vvelox.net> To: David Naylor <naylor.b.david@gmail.com> Cc: freebsd-questions@freebsd.org Subject: Re: FreeBSD and User Security Message-ID: <20080614174039.4c7fff96@vixen42> In-Reply-To: <200806112225.36221.naylor.b.david@gmail.com> References: <200806112225.36221.naylor.b.david@gmail.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On Wed, 11 Jun 2008 22:25:32 +0200 David Naylor <naylor.b.david@gmail.com> wrote: > Hi All, > > Today I read an article describing how my government had lost > ZAR200 000 000 from fraud. This is just under $25 000 000. The > article credited this loss largely due to the use of spyware. > > My question is how secure is FreeBSD (including KDE, GNOME and > XFCE) to attacks, including cracking and spyware. In addition, is > there anyway to prevent a user from executing a program that is not > owned by root (i.e. any program installed by the user), this would > prevent spyware being installed (assuming root has been properly > locked down) and subsequently run. Ugidfw(8) can be used to help with the executable stuff. The same is true for using a restricted shell. The important thing is making sure to make sure the user can't execute any thing other than the few commands they are suppose to. If allowed access to execute any thing in a system bin/sbin path, you begin to run into issues with interpreters, which are as good as being able to execute something owned by them. You can remove permissions to access them, but that strikes me as beginning to get a bit hairy in the long run.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20080614174039.4c7fff96>