LinuxQuestions.org
Help answer threads with 0 replies.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices


Reply
  Search this Thread
Old 07-24-2006, 07:30 AM   #1
julianpb
LQ Newbie
 
Registered: Jul 2006
Posts: 1

Rep: Reputation: 0
Stopping executables on memory sticks


Hi All,

I'm running a school network and we're trying stop people running .exe, .swf and other files from memory sticks via samba. Is there some way of setting a "don't execute" flag when the stick automounts?

Cheers,

Jools
 
Old 07-24-2006, 07:56 AM   #2
anon237
LQ Veteran
 
Registered: Sep 2003
Posts: 10,532

Rep: Reputation: 2405Reputation: 2405Reputation: 2405Reputation: 2405Reputation: 2405Reputation: 2405Reputation: 2405Reputation: 2405Reputation: 2405Reputation: 2405Reputation: 2405
Hi,

You could use the noexec/-o noexec flag that mount supports.

Add this to the appropriate entry (entries) in the /etc/fstab, something like this:

Code:
/dev/sda1     /mnt/usbfs         auto      noexec,noauto,rw,user   0 0
See man mount for details.

Hope this helps.
 
Old 07-24-2006, 10:09 AM   #3
Lotharster
Member
 
Registered: Nov 2005
Posts: 144

Rep: Reputation: 18
You should be aware that you can't stop people from copying the file to their home directory and executing it there. If you want to disable that, you would have to mount the home partition with the noexec flag.
If you are only worried about windows executables, you could just uninstall wine.
 
Old 07-25-2006, 10:19 AM   #4
woppa30
LQ Newbie
 
Registered: Nov 2003
Location: Royston, Herts UK
Distribution: Fedora Core 5
Posts: 27

Rep: Reputation: 15
An alternative but drastic method is to go around all the workstations, add an admin password to the BIOS and then disable all the USB ports. Bit of a killer if you use USB mice and keyboards but I have seen it done in a company to stop data theft via USB pen drives. Sorry I don't have a clever answer :-(
Woppa
 
Old 07-25-2006, 11:13 AM   #5
unSpawn
Moderator
 
Registered: May 2001
Posts: 29,415
Blog Entries: 55

Rep: Reputation: 3603Reputation: 3603Reputation: 3603Reputation: 3603Reputation: 3603Reputation: 3603Reputation: 3603Reputation: 3603Reputation: 3603Reputation: 3603Reputation: 3603
You should be aware that you can't stop people from copying the file to their home directory and executing it there.
Yes you can and from about anywhere. GRSecurity contains Trusted Path Execution (TPE) which allows root to deny users executing stuff in dirs that are and not in $PATH, and not owned by root:root, and world-writable (IIRC). Spose one could do similar with any Rule Based Access solution (RBAC).

Last edited by unSpawn; 07-25-2006 at 11:15 AM.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
Inerasable memory sticks - ROM satimis Linux - General 1 05-27-2005 09:55 PM
Conflicting results with usb memory sticks Taliesin Linux - Hardware 4 03-31-2005 01:43 AM
Memory sticks, upgrades and SuSE 9x... quick advice? Napalm Llama SUSE / openSUSE 3 02-18-2005 01:44 PM
USB memory sticks island_dude Linux - Hardware 1 01-20-2004 12:16 PM
Sony memory sticks? bxb32001 Linux - Hardware 15 08-14-2002 08:16 PM

LinuxQuestions.org > Forums > Linux Forums > Linux - Security

All times are GMT -5. The time now is 06:20 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration