Timeline for Execution of possibly harmful program on Linux
Current License: CC BY-SA 3.0
24 events
| when toggle format | what | by | license | comment | |
|---|---|---|---|---|---|
| Apr 13, 2017 at 12:36 | history | edited | CommunityBot |
replaced http://unix.stackexchange.com/ with https://unix.stackexchange.com/
|
|
| Dec 9, 2016 at 1:10 | history | edited | rozcietrzewiacz | CC BY-SA 3.0 |
added a point about docker
|
| Jan 13, 2013 at 7:21 | history | edited | tshepang | CC BY-SA 3.0 |
added 262 characters in body
|
| Nov 24, 2011 at 9:07 | history | edited | rozcietrzewiacz | CC BY-SA 3.0 |
added 7 characters in body
|
| Nov 17, 2011 at 12:22 | history | edited | rozcietrzewiacz | CC BY-SA 3.0 |
added 293 characters in body
|
| Nov 17, 2011 at 8:33 | history | edited | Gilles 'SO- stop being evil' | CC BY-SA 3.0 |
added the distinct user restriction for chroot security
|
| Nov 17, 2011 at 8:32 | comment | added | Gilles 'SO- stop being evil' | @rozcietrzewiacz An important requirement for chroot to provide any protection is to not to run a chrooted program as a user who's also running a program outside the chroot. Otherwise the chrooted process can ptrace a non-chrooted process and do anything that way. | |
| Nov 17, 2011 at 8:28 | comment | added | rozcietrzewiacz |
@korda "I wonder if nobody has internet access.": I do! :D
|
|
| Nov 17, 2011 at 8:22 | comment | added | rozcietrzewiacz |
@Gilles Thanks for pointing that out. It made me think and enhance the answer. I still believe that chroot should be mentioned, because some people still recommend it.
|
|
| Nov 17, 2011 at 7:55 | history | edited | rozcietrzewiacz | CC BY-SA 3.0 |
added 718 characters in body
|
| Nov 17, 2011 at 2:17 | comment | added | user unknown |
test programs written by students and prevent user from using internet connection are completly different things; aren' they?
|
|
| Nov 16, 2011 at 23:52 | comment | added | Gilles 'SO- stop being evil' | Don't recommend chroot in a security context. Chroot can be useful in combination with other sandboxing measures, as a belt-and-braces approach. In itself, it doesn't prevent isolation against malicious programs. | |
| Nov 16, 2011 at 15:22 | history | edited | rozcietrzewiacz | CC BY-SA 3.0 |
added 256 characters in body
|
| Nov 16, 2011 at 13:03 | history | edited | rozcietrzewiacz | CC BY-SA 3.0 |
added 553 characters in body
|
| Nov 16, 2011 at 12:57 | comment | added | l0b0 |
@korda: Looks like it on Ubuntu: sudo -u nobody wget http://www.google.com
|
|
| Nov 16, 2011 at 12:57 | vote | accept | korda | ||
| Nov 16, 2011 at 12:57 | comment | added | korda | I guess I take a closer look at isolate at home. thanks for you and l0b0 | |
| Nov 16, 2011 at 12:54 | comment | added | rozcietrzewiacz | Yes, he has - see my comment to the other post. | |
| Nov 16, 2011 at 12:50 | comment | added | korda |
I wonder if nobody has internet access.
|
|
| Nov 16, 2011 at 12:43 | comment | added | rozcietrzewiacz | Without a special environment, that might not be easy. At least not in a way that makes you certain. | |
| Nov 16, 2011 at 12:34 | comment | added | korda | Why we are it: is there a way to prevent user from using internet connection? | |
| Nov 16, 2011 at 12:29 | comment | added | rozcietrzewiacz | A crash test user account gives you some basic security for sure. Still there are a number of things that you might want/need to prevent. Those can be in a form of exploits of common vulnerabilities embedded in the program or some social hacking, information gathering for the purpose of future remote attack... And probably much more. | |
| Nov 16, 2011 at 12:21 | comment | added | korda | thanks for the answer. I'm a real newb when it comes to stuff like that, could you explain me one thing: why I need to prevent program from reading files in system (for example by chroot)? (if program can't modify them). | |
| Nov 16, 2011 at 12:02 | history | answered | rozcietrzewiacz | CC BY-SA 3.0 |