More PATH fallout. Who decided this was a good idea?
Kevin Kofler
kevin.kofler at chello.at
Sat Dec 6 17:35:38 UTC 2008
Jesse Keating wrote:
> On Sat, 2008-12-06 at 07:48 -0500, Steve Grubb wrote:
>> Sure and that can be audited. We can also point out that this act takes
>> the system out of the certified configuration. So, if you need to be in
>> the CAPP certified configuration, don't let users do this.
>
> To be CAPP certified, you can't have a web browser?
Mounting the home directories with noexec should also prevent users from
doing this.
That said, AFAIK the CAPP profile implies no Internet access. (But the
people actually working on security might correct me on that.)
Kevin Kofler
More information about the devel
mailing list