Loading ...
Sorry, an error occurred while loading the content.

Re: [gnubies-il] restricted execution kernel module

Expand Messages
  • meh
    ... I don t know how perl is with proccessing low binary data, no special reason though. ... Secretaries in real offices are usually more like MS office
    Message 1 of 10 , Jan 6, 2003
    • 0 Attachment
      Tzafrir Cohen wrote:

      >On Mon, 6 Jan 2003, meh wrote:
      >
      >
      >
      >>Tzafrir Cohen wrote:
      >><snip>
      >>
      >>
      >>
      >>>Linux has powerful interpeters. Simply limiting the exection of kernel
      >>>executables is far from enough:
      >>>
      >>>
      >>>
      >>>
      >>You defenitely have a point - I didn't think of this. Thank you.
      >>A wiser approach is to set a cron job for 'cleaning' secretaries'
      >>group's home dir, by for instance removing any non-document file in
      >>their home dir (check it with a simple C program to match header - no
      >>script can keep an OpenOffice binary header and remain executable, extra
      >>security can be gianed by saving documents in a special dir. name and
      >>append randomly to it a random postfix - keeping it at /var, now script
      >>can't read and recognize dir. name as it doesn't have prmission for this
      >>var file) and reset startup configuration files (lest a script hopped in
      >>it).
      >>This way there's no chance the account will malfunction in future.
      >>
      >>
      >
      >Why write in C when you can write in perl?
      >
      I don't know how perl is with proccessing low binary data, no special
      reason though.

      >Anyway, doing so severly limits the powers of this user. A desktop user
      >with no ability to run an arbitrary shell script from his/her home
      >directory has a problem.
      >
      >Anyway, have a look at "restricted shell" in bash's docs. (again: this is
      >more for a kiosk-type tsystem than for a real office).
      >
      Secretaries in real offices are usually more like "MS office kiosk" as
      those are the only tools they should use. Plus saving ability of course
      but there's no need to make them run scripts.
      <snip>

      >
      >
      >>This is not my fear - I fear users (as in secretaries) will remove their
      >>files accidently. Except one might want to prevent his employees wasting
      >>their time with soliter they brought from home on a diskette :).
      >>
      >>
      >
      >The users should have the power to move and remove their own docuemtns,
      >
      Sure but by hand only - I don't expect secretaries to write bash for
      massive files removing. You must remember they are not "power users" and
      can accidently activate malicious scripts. Restricting script executors'
      access to their files or at least to their documents directory should
      might be considered. Maybe the sollution is to restrict user's file
      handling to specific programs.

      >otherwise they'll have to call the administrator (read: you) for any such
      >change. This will be an administrative nightmare.
      >
      >Eployees should be allowed to access sensetive data (that they need for
      >work). Employees shoukd be allowed to send mail. This has proven to be a
      >nice combination in the past.
      >
      >BTW: One might want to prevent employees to boot with their own
      >floppies/CDs from home, as well.
      >
      >
      >
    • meh
      Tzafrir Cohen wrote: ... Yes but this is more a BIOS feature than an OS feature.
      Message 2 of 10 , Jan 6, 2003
      • 0 Attachment
        Tzafrir Cohen wrote:
        <snip>

        >BTW: One might want to prevent employees to boot with their own
        >floppies/CDs from home, as well.
        >
        >
        Yes but this is more a BIOS feature than an OS feature.

        >
        >
      • Bipinchandra Ranpura
        Well just for info. At my workplace we were using DOS (Novell Clients) with WordPerfect5.1 for DOS and Quattro Spreadsheet(wk1 files). Now we are using Linux
        Message 3 of 10 , Jan 7, 2003
        • 0 Attachment
          Well just for info. At my workplace we were using DOS
          (Novell Clients) with WordPerfect5.1 for DOS and
          Quattro Spreadsheet(wk1 files). Now we are using Linux
          RedHat 7.3 File Server and Linux RedHat 7.3
          workstations with StarOffice 6.0.

          All Old Quattro files can directly imported in
          StarOffice and saved as Staroffice Spreadsheet.

          All WordPerfect files also imported in with little
          difficulty (1st open under Koffice open Wordperfect
          files -> copy to clipboard (Select all and copy) then
          go to Staroffice Writer and paste.

          Only one problem in importing is if Original file is
          with Password than it can not be opened. 1st you have
          to remove of save file without password then only can
          be imported.

          Sorry to writing so much, which may not of interest to
          all.

          Bipin




          --- meh <meh@...> wrote:
          > Alon Weinstein wrote:
          >
          > >i'm curious -- do secreteries at your workplace use
          > Linux?
          > >
          > >
          > No unfortunately not, I had a dream once to make
          > this happen but reality
          > stroke me real hard. However as Win32 computers
          > keeps breaking and
          > breaking I keep pondering of similar problems can
          > arise with linux and
          > how could they be solved.
          >
          > >
          > >
          > >>You defenitely have a point - I didn't think of
          > this. Thank you.
          > >>A wiser approach is to set a cron job for
          > 'cleaning' secretaries'
          > >>group's home dir,
          > >>
          > >>
          > >
          > >
          > >To unsubscribe from this group, send an email to:
          > >gnubies-il-unsubscribe@egroups.com
          > >
          > >
          > >
          > >Your use of Yahoo! Groups is subject to
          > http://docs.yahoo.com/info/terms/
          > >
          > >
          > >
          > >
          > >
          >
          >
          >
          >


          __________________________________________________
          Do you Yahoo!?
          Yahoo! Mail Plus - Powerful. Affordable. Sign up now.
          http://mailplus.yahoo.com
        Your message has been successfully submitted and would be delivered to recipients shortly.