On Tue, 14-10-2003 at 19:13, Rob Adams wrote:
> Could we LD_PRELOAD an exec() (and system() ) wrapper for lockdown mode?
>

I think that we should modify the original exec() and system() calls, they are basic calls that any application will use. But IMHO the ACLs are the solution here.

Of course any user will be able to jump those restrictions, just copy the executable with another authorized name and you can forget exec and system restrictions or ACLs.

Also, with LD_PRELOAD the user can change it to use the original one or his/her modification. Also, the LD_PRELOAD var does not work with setuid executables (as a security protection).

Cheers.

--
Carlos Perelló Marín
Debian GNU/Linux Sid (PowerPC)
Linux Registered User #121232
mailto:carlos pemas net || mailto:carlos gnome org
http://carlos.pemas.net
Valencia - Spain
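The two LD_PRELOAD limits named in the message above (the variable is under the user's control, and it is not honoured for setuid executables), written as a coverage check. This is an added example, not part of the original post or of any project code. `wrapper_coverage`, the `preload_gap` values and the wrapper path passed in are hypothetical names, and treating setgid targets like setuid ones is an assumption added here.

```c
#define _POSIX_C_SOURCE 200809L
#include <stdio.h>
#include <string.h>
#include <sys/stat.h>
/* Outcome for one exec: is the preloaded wrapper (hypothetical) in force? */
enum preload_gap { WRAPPER_ACTIVE, GAP_ENV_CHANGED, GAP_SECURE_EXEC };
/* LD_PRELOAD holds a list separated by spaces or colons. */
static int list_has(const char *list, const char *item)
{
    size_t n = strlen(item);
    while (*list) {
        size_t len = strcspn(list, " :");
        if (len == n && strncmp(list, item, n) == 0)
            return 1;
        list += len + strspn(list + len, " :");
    }
    return 0;
}

/* Value of `name` in an execve()-style environment array, or NULL. */
static const char *env_get(char *const envp[], const char *name)
{
    size_t n = strlen(name);
    for (; envp && *envp; envp++)
        if (strncmp(*envp, name, n) == 0 && (*envp)[n] == '=')
            return *envp + n + 1;
    return NULL;
}

/* mode: st_mode of the target; setgid handled like setuid (assumption). */
enum preload_gap wrapper_coverage(mode_t mode, char *const envp[], const char *wrapper)
{
    const char *preload = env_get(envp, "LD_PRELOAD");
    if (preload == NULL || !list_has(preload, wrapper))
        return GAP_ENV_CHANGED;   /* user unset or replaced the variable */
    if (mode & (S_ISUID | S_ISGID))
        return GAP_SECURE_EXEC;   /* loader does not honour the preload */
    return WRAPPER_ACTIVE;
}

int main(int argc, char **argv)
{
    extern char **environ;
    struct stat st;
    if (argc != 3 || stat(argv[1], &st) != 0)
        return 2;                 /* usage: prog TARGET WRAPPER.so */
    printf("%d\n", wrapper_coverage(st.st_mode, environ, argv[2]));
    return 0;
}
```

The setuid bit is used as a conservative indicator: the loader's decision depends on whether the exec actually changes the effective IDs.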