Restricting user's ability to execute binaries in home directory.

Blake Barnett plug-discuss@lists.PLUG.phoenix.az.us
Mon, 11 Jun 2001 11:32:39 -0700


Look at the Operator Shell (osh)
http://www.engarde.com/~mcn/osh.html

Also you can run bash in restricted mode, look here:
http://sunland.gsfc.nasa.gov/info/bash/The_Restricted_Shell.html

I have also set up systems to use Rsh but I can't remember the specifics.

* Blake

-----Original Message-----
From: Shadow [mailto:shadow@digitalnirvana.com]
Sent: Monday, June 11, 2001 10:35 AM
To: plug-discuss@lists.PLUG.phoenix.az.us
Subject: Restricting user's ability to execute binaries in home
directory.


I am in the process of opening up my personal server to other people to
store files and receive e-mail.  The problem is that I do not want all
of them to be able to execute binaries from their home directories.  (I
consider this a security risk.)  Some of the people are trusted users
and I do want them to be able to execute binaries.

So far the only way I have seen to restrict arbitrary execution is with
the noexec option in the /etc/fstab.  Unfortunately this also prevents
my trusted users from executing their programs.  Any suggestions?


-- 
Chris Lewis
Tesla Systems
shadow@digitalnirvana.com
----------------------------------------
You want what?? When??  And how cold is it in Hell today?
----------------------------------------

The following code is a PERL script capable of decoding a CSS (Content
Scrambling System) encrypted DVD in real time.  This is illegal to
possess in the US according to the Digital Millennium Copyright Act, a
set of laws passed by anonymous vote in congress in 1998.  The Motion
Picture Association of America (MPAA) is opposed to the distribution of
this software because it allows the owners of CSS encrypted DVDs to
exercise their long-standing fair use rights with new digital
technologies.  For more information, please visit:
http://www.opendvd.org/

________________________________________________
See http://PLUG.phoenix.az.us/navigator-mail.shtml if your mail doesn't post
to the list quickly and you use Netscape to write mail.

PLUG-discuss mailing list  -  PLUG-discuss@lists.PLUG.phoenix.az.us
http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss
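
The restricted-mode suggestion in the reply above, as an added example that is not part of the original messages: it shows that `bash -r` with an allow-list PATH refuses to run a program dropped in a home directory, while an unrestricted shell for trusted users behaves normally. It assumes bash is installed; the temporary directory layout and the helper names `restricted_run` and `unrestricted_run` are hypothetical.

```shell
#!/bin/sh
# Constructed demo layout: a throwaway "home" holding a user-dropped program,
# and an allow-list directory that the restricted user's PATH points at.
demo=$(mktemp -d)
trap 'rm -rf "$demo"' EXIT
mkdir -p "$demo/home" "$demo/allowed"
printf '#!/bin/sh\necho ran-from-home\n' > "$demo/home/tool"
chmod +x "$demo/home/tool"

# The allow-list holds only the commands the untrusted user may run.
# It must not be writable by that user and must not contain shells,
# interpreters or editors that can start other programs.
ln -s "$(command -v ls)" "$demo/allowed/ls"

bash_bin=$(command -v bash)

# Run one command line the way an untrusted account would: working
# directory is the home, PATH is the allow-list, shell is in restricted mode.
# Returns the exit status of the restricted shell.
restricted_run() {
    ( cd "$demo/home" &&
      env PATH="$demo/allowed" "$bash_bin" -r -c "$1" ) >/dev/null 2>&1
}

# Same environment without -r: what a trusted account's shell would do.
unrestricted_run() {
    ( cd "$demo/home" &&
      env PATH="$demo/allowed" "$bash_bin" -c "$1" ) >/dev/null 2>&1
}

# Report how each way of reaching ~/tool is handled in restricted mode.
report() {
    for cmd in 'ls' './tool' 'tool' 'PATH=$PWD:$PATH; tool' \
               'cd /' 'exec ./tool' '. ./tool'; do
        if restricted_run "$cmd"; then
            echo "allowed: $cmd"
        else
            echo "blocked: $cmd"
        fi
    done
}

report
```

Restricted mode is applied per account (for example by making the restricted shell that user's login shell), so trusted users keep a normal shell, which is the split that a filesystem-wide `noexec` mount cannot give.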