deny application A to execute B

Posted: Tue Nov 08, 2005 10:47 am
by Raf256
Simple example request: how can I disallow
program A (like firefox), when run by a user other than John(*),
to execute any other programs B, besides application C (for example, totemplayer)?

Can I hide all user files (~/) besides ~/.mozilla and ~/downloads from application A?

(*) how to make it more interesting, like:
- when run by any user that is NOT in a given group
- when run by any user that IS in a given group
- when run by any user that didn't identify themselves with the grsecurity password thingy

What exactly should I add, and where, to have this result?

Posted: Thu Nov 10, 2005 6:37 pm
by spender
In the default role, create a subject for firefox that disallows execution of everything but what you want it to execute. Create a role for John and a subject in that role for firefox that grants the access you wish it to have when run under that context. For hiding all user files but the ones you mentioned from firefox, try the following three rules in the firefox subject:
/home/* h
/home/*/.mozilla rwcd (you may want to be more fine-grained than this)
/home/*/downloads rwcd

-Brad
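
The layout described in the reply above, written out as a grsecurity RBAC policy fragment. This is an added example, not part of the original post: the paths /usr/bin/firefox and /usr/bin/totem, the user name john, and the extra library, /tmp and /dev objects are assumptions, and each role's own "subject /" plus the rest of the policy are assumed to exist already.

```conf
# Constructed fragment; all paths and the user name are assumptions.

# Everyone without a more specific role falls into the default role.
role default
# "o" = do not inherit objects from this role's "subject /".
subject /usr/bin/firefox o {
	# Read-only everywhere and no "x": nothing can be executed by default.
	/			r
	# "x" on the library directories lets shared libraries be mapped executable.
	/lib			rx
	/usr/lib		rx
	# The one program firefox is allowed to execute.
	/usr/bin/totem		x
	/tmp			rwcd
	/dev/null		rw
	/dev/urandom		r
	# The three rules from the reply: hide all home directories,
	# then re-expose only the profile and download directories.
	/home/*			h
	/home/*/.mozilla	rwcd
	/home/*/downloads	rwcd
	-CAP_ALL
}

# User role ("u"): applies when the process runs as user john and
# takes precedence over the default role.
role john u
subject /usr/bin/firefox o {
	# Illustrative grant: john's firefox may execute other programs...
	/			rx
	/tmp			rwcd
	/dev/null		rw
	/dev/urandom		r
	# ...and sees his whole home directory.
	/home/john		rwcd
	-CAP_ALL
}
```

Because /lib and /usr/lib carry "x", any executable stored under those directories is also runnable from the default-role firefox subject; narrow those objects if that matters.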

Posted: Fri Nov 11, 2005 3:40 pm
by Raf256
Hmm, btw - do we have a nice, step-by-step, detailed (with examples) howto yet? One explaining how to do the things you mentioned above