LinuxQuestions.org
Old 03-26-2006, 11:19 AM   #1
Murdock1979
Member
 
Registered: Oct 2003
Distribution: Slackware Debian VectorLinux
Posts: 429
Blog Entries: 2

Rep: Reputation: 30
non-root security


Hello!

I am currently hardening the security of my system. Linux has a strong barrier between the core system and userland and is fairly straightforward to configure. Hence, my core system is fairly stable.

However, what options are there for users' security?
It seems to me a simple internet Java/ActiveX script can easily download itself into the ~ directory and then modify the ~/.bash_profile init file to run malicious code. A small program bug could also create an exploit like this.

Only the user will be affected, but it may compromise private information or corrupt a user's files.

Thank you,
Murdock
 
Old 03-26-2006, 11:42 AM   #2
jtshaw
Senior Member
 
Registered: Nov 2000
Location: Seattle, WA USA
Distribution: Ubuntu @ Home, RHEL @ Work
Posts: 3,892
Blog Entries: 1

Rep: Reputation: 67
ActiveX doesn't work in Linux. As far as Java scripts, the web browsers are supposed to provide some protection, but if you don't believe it is enough you can always disable Java/JavaScript support in your preferences (at least you can on Firefox and Konqueror).

Another thing some people do is mount /home with the no exe flag so that you can't run things from users' home directories. Last thing I can think of, if you're really afraid, is removing your write privileges from your .bashrc, .bash_profile or any other script that automatically runs at login....

You should probably also look into using SELinux and a PAX/Grsecurity enabled kernel.

Last edited by jtshaw; 03-26-2006 at 11:53 AM.
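
A way to check the two measures suggested in the post above, as an added example that is not part of the original thread: it reports whether the filesystem holding a home directory is mounted with the `noexec` option and lists login scripts that still have a write bit set. The function names, the sample mount table and the extra file names `.bash_login` and `.profile` are assumptions made for this sketch.

```shell
#!/bin/sh
# Constructed sample in /proc/mounts format (not taken from the thread).
SAMPLE_MOUNTS='/dev/sda1 / ext3 rw 0 0
/dev/sda3 /home ext3 rw,nosuid,nodev,noexec 0 0'

# Print the mount options of the filesystem that holds path $1.
# $2: file in /proc/mounts format, or - for stdin (default /proc/mounts).
mount_opts_for() {
    awk -v p="$1" '
        { mp = $2; n = length(mp)
          # a mount point applies if it is /, the path itself, or a parent directory
          if (mp == "/" || p == mp || substr(p, 1, n + 1) == (mp "/"))
              if (n >= best) { best = n; opts = $4 }   # longest, latest match wins
        }
        END { print opts }' "${2:-/proc/mounts}"
}

# Succeed if the comma-separated option list $1 contains exactly "noexec".
has_noexec() {
    case ",$1," in *,noexec,*) return 0 ;; *) return 1 ;; esac
}

# List login scripts in directory $1 that have any write bit set.
# Mode bits are tested (not "test -w") so the result is the same when run as root.
writable_startup_files() {
    for f in .bashrc .bash_profile .bash_login .profile; do
        [ -f "$1/$f" ] || continue
        find "$1/$f" \( -perm -200 -o -perm -020 -o -perm -002 \) -print
    done
}

# Demo: first on the constructed table, then on the live system.
has_noexec "$(printf '%s\n' "$SAMPLE_MOUNTS" | mount_opts_for /home/alice -)" &&
    echo "sample: /home/alice is on a noexec filesystem"
[ -r /proc/mounts ] && { has_noexec "$(mount_opts_for "$HOME")" ||
    echo "live: $HOME is NOT on a noexec filesystem"; }
writable_startup_files "$HOME"
```

Both measures are speed bumps rather than guarantees: the owner of a file can restore its write bit, and `noexec` does not stop a script from being handed to an interpreter such as `sh`.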
 
Old 03-27-2006, 06:54 AM   #3
win32sux
LQ Guru
 
Registered: Jul 2003
Location: Los Angeles
Distribution: Ubuntu
Posts: 9,870

Rep: Reputation: 380
for your web-based script worries, look at the noscript extension:

http://www.noscript.net/

of course this assumes you use firefox to surf the web...

the mounting /home noexe tip is great, i'm actually planning to do this for my parents in the near future... probably when linux 2.4.33 is released...
 
Old 03-27-2006, 02:59 PM   #4
Murdock1979
Member
 
Registered: Oct 2003
Distribution: Slackware Debian VectorLinux
Posts: 429

Original Poster
Blog Entries: 2

Rep: Reputation: 30
Win32sux,

Thanks for the Firefox tip. Most of Microsoft's security problems come up when surfing the web, so while Linux is more secure, it also is somewhat affected by the same problem. But this will entirely eliminate the issue.

Thanks!
Murdock
 
  

