OSEC

 
From: Edoardo Causarano (curious.cornkatamail.com)
Date: Tue Jan 15 2002 - 18:28:03 CST


    Having used ext2/3 ACLs as support to Samba's NT permission support I've
    become quite fond of the system. In the first-install 'it works!' euphoria I
    had a couple of ideas that were promptly rejected in many UNIX, LUG ml;
    nonetheless, I'm stubborn so here it goes:

    Imagine Linux/Unix makes its way on the desktop and lusers start using all
    sorts of warez, cool trojan, etc... any good sysadmin will start to long for
    the days when *NIX was for the Ones! Imagine ~/.gnupg and ~/Documents being
    lifted across the net to some ruthless leet crackz0r... PHB: 'man, I pay you
    to prevent this crap!' Do we really want some M$ish EULA disclaiming all
    responsibility (even those claims of UNIX security... except in init 1)?

    So here you go:

    Sensitive files such as ~/.gnupg/* are accessible only to a specifically set
    class of /usr/bin/app using ACL/EA. Any other access attempt should trigger a
    console message or Gnome/KDE critical warning. So if a luser runs the latest
    attached flash exe (I know: OutOfLuck runs exes when they are supposed to be
    binary data files but nonetheless...) the system will trigger an alert. The
    ~/.fileacl itself should be protected against vi and its housekeeping
    program (interactive only... pam authenticated...) and sensible global
    /etc/fileacl rules would be enforced to help sysadmins.

    In the end it's something that protects the user from the system just as
    /etc/passwd protects the latter from the former.

    If UNIX will rule the desktop, 'got root' won't be the only prize. It will
    live on especially for servers.
    User data theft will become bothersome!

    2eurocent, <- if only I could get the euro symbol to work!!!
    Edo
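
The access decision proposed in the message above, as an added example that is not part of the original post: it covers only the policy check (which program may open which file, with global rules winning over per-user ones), not kernel enforcement. The rule-file syntax, program paths and function names are assumptions made for illustration; the message does not define a format.

```python
import fnmatch
import os

# Constructed sample policies in a hypothetical "pattern: program, program" format.
GLOBAL_RULES = """\
# /etc/fileacl (hypothetical): enforced for every user, consulted first
~/.gnupg/*: /usr/bin/gpg
"""
USER_RULES = """\
# ~/.fileacl (hypothetical): the user's own additions
~/.gnupg/*: /usr/bin/gpg, /usr/bin/mutt
~/Documents/*: /usr/bin/abiword, /usr/bin/gpg
"""

def parse_rules(text, home):
    """Return [(absolute glob pattern, set of allowed program paths)]."""
    rules = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()   # drop comments and blank lines
        if not line:
            continue
        pattern, _, apps = line.partition(":")
        pattern = pattern.strip()
        if pattern.startswith("~/"):
            pattern = home + pattern[1:]       # expand ~ to the user's home
        rules.append((pattern, {a.strip() for a in apps.split(",") if a.strip()}))
    return rules

def check_access(exe, path, home, global_rules=GLOBAL_RULES, user_rules=USER_RULES):
    """Return (allowed, alert). The first matching rule decides; global rules go first."""
    exe = os.path.normpath(exe)
    path = os.path.normpath(path)              # collapse ../ before matching
    for source, text in (("/etc/fileacl", global_rules), ("~/.fileacl", user_rules)):
        for pattern, apps in parse_rules(text, home):
            if fnmatch.fnmatchcase(path, pattern):
                if exe in apps:
                    return True, None
                return False, f"ALERT: {exe} tried to open {path} (blocked by {source})"
    return True, None   # not covered by any rule: ordinary permissions apply

if __name__ == "__main__":
    home = "/home/edo"  # constructed sample user
    print(check_access("/usr/bin/gpg", home + "/.gnupg/secring.gpg", home))
    print(check_access("/tmp/flash.exe", home + "/Documents/../.gnupg/secring.gpg", home))
```

Because the global file is matched first, the user's wider grant to `/usr/bin/mutt` for `~/.gnupg/*` has no effect in this sketch.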
