BLU Discuss list archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Discuss] Program path maintenance and security (was Re: Debian 12 vs. WSL 1)

Subject: [Discuss] Program path maintenance and security (was Re: Debian 12 vs. WSL 1)
From: bill.n1vux at gmail.com (Bill Ricker)
Date: Sun, 2 Jul 2023 10:48:51 -0400
In-reply-to: <a30dcea4072e10d14d25913573d9fcea.squirrel@mail.mohawksoft.com>
References: <20230621163508.GJ24375@bladeshadow.org> <20230621185748.00001f02.Richard.Pieri@gmail.com> <20230622182628.GK24375@bladeshadow.org> <a30dcea4072e10d14d25913573d9fcea.squirrel@mail.mohawksoft.com>

On Fri, Jun 23, 2023, 09:00 <markw at mohawksoft.com> wrote:

> I kind of want to weigh in on a "meta" of this argument.
>

You had me at meta :-)

PATH is interesting but incomplete. . . .

If you use "rbash" the restricted version, PATH
> is read-only and a user can not use absolute paths.

??

There are, as always, vulnerabilities every now and then

??

>
Lately I have become a big fan of the dreaded SELINUX system.

Having been adjacent to the precursors (MITRE CMW), this cheers me.

If you
> really want security, learn and enable SELINUX. Its a PITA, but it can
> really help security in that all access is explicit.
>

SELINUX, AppArmor, and apparently grsecurity are good choices for different
needs. (I just became aware of the third choice. Hoping not to dig into it,
but ebay time i think I'm fine with security it drags me back.)

Next by Date: [Discuss] Boston Linux VIRTUAL Meeting , Wednesday, July 19, 2023 - What Programmers Should Know About Memory
Next by thread: [Discuss] Boston Linux VIRTUAL Meeting , Wednesday, July 19, 2023 - What Programmers Should Know About Memory
Index(es):
- Date
- Thread