[Discuss] Program path maintenance and security (was Re: Debian 12 vs. WSL 1)
Bill Ricker
bill.n1vux at gmail.com
Sun Jul 2 10:48:51 EDT 2023
On Fri, Jun 23, 2023, 09:00 <markw at mohawksoft.com> wrote:
> I kind of want to weigh in on a "meta" of this argument.
>
You had me at meta :-)
PATH is interesting but incomplete. . . .
If you use "rbash" the restricted version, PATH
> is read-only and a user can not use absolute paths.
✔️
There are, as always, vulnerabilities every now and then
✔️
>
Lately I have become a big fan of the dreaded SELINUX system.
Having been adjacent to the precursors (MITRE CMW), this cheers me.
If you
> really want security, learn and enable SELINUX. Its a PITA, but it can
> really help security in that all access is explicit.
>
SELINUX, AppArmor, and apparently grsecurity are good choices for different
needs. (I just became aware of the third choice. Hoping not to dig into it,
but ebay time i think I'm fine with security it drags me back.)
More information about the Discuss
mailing list