Re: LYNX-DEV securing Lynx for boxed-in environments.

[William Yang]

Benjamin C. W. Sittler wrote something like:

> You might consider running Lynx in a chroot'ed environment containing only
> the commands you wish users to run.

> Alternatively, you could make a new group, "untrusted", and chgrp all
> untrusted executables to it. Any user who was allowed to run these
> executables could be placed in this group. Finally, all the untrusted
> executables could have their global exec permissions removed.

The second option is really not maintainable -- I don't want to spend
the next year going through the thousands of binaries on the system
changing permissions, only to find that their functionality DEPENDS on
those permissions.  Then, when I apply a required OS patch or upgrade
a system somehow, things become broken.  The justification for adding
an additional LEVEL to the security (which goes beyond simple UNIX
filesystem security) is that it's maintainable and monitorable at a
single point, which makes administration easier and more
cost-effective.

The chroot'd environment is possible... but requires that the
environment be set by soemthing with super-user privileges.  Offhand,
it seems safer to set up a system that restricts access at the first
convenient point of entry (the client shell level).

        -Bill
-- 
William D Yang                          The Greater Columbus Free-Net
address@hidden          System Administration & Operation

;
; To UNSUBSCRIBE:  Send a mail message to address@hidden
;                  with "unsubscribe lynx-dev" (without the
;                  quotation marks) on a line by itself.
;