new openssh (new paranoia-patch)

Rainer P. Feller Rainer-Peter.Feller at physik.uni-hamburg.de
Wed Aug 18 06:57:57 PDT 2004


On Wed, 2004-08-18 at 15:45, Bennett Todd wrote:
> Thanks many times over, both for the original posting and for the
> answers.
> 
> Now you've got me seriously curious, though; what kind of scenario
> are you thinking of with the paranoia patch? I've tried to cons up
> fantasies of where I might want to use it, and they all seem pretty
> dystopian.

You want a useful scenario?
O.k., here it is ;-)

A login server: you log into an environment where every single executable
file is on a read-only filesystem; if a file is on a r/w filesystem, it is
not executable. /lib/ld-linux.so belongs to nobody and has an s-flag.
In this login server there are 3 network interfaces, and you want all
traffic into the login environment to come through eth0 and all traffic
out of the login environment to go to eth1. You don't want anybody to be
able to use the 3rd interface, which is connected to a backup server.
Then you have to be able to override command-line parameters given by a
user, and for this you need to patch the ssh client.

-- 
  H
CUH Rainer Peter Feller
  H
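
The filesystem rule in the scenario above (a filesystem is either read-only or not executable) can be checked from the mount table. The following is an added example, not part of the original post or of the paranoia patch; the pseudo-filesystem skip list and the sample mount table are constructed assumptions.

```python
"""Audit /proc/mounts-format text: every mount must be 'ro' or 'noexec'."""
import sys

# Assumption: kernel pseudo filesystems that are skipped by this audit.
PSEUDO_FS = {"proc", "sysfs", "devpts", "cgroup", "cgroup2", "securityfs"}


def parse_mounts(text):
    """Yield (mountpoint, fstype, set_of_options) for each mount line."""
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 4 or line.startswith("#"):
            continue  # blank, comment or malformed line
        # /proc/mounts escapes a space inside a path as \040
        mountpoint = fields[1].replace("\\040", " ")
        yield mountpoint, fields[2], set(fields[3].split(","))


def violations(text):
    """Return sorted mountpoints that are writable and lack noexec."""
    bad = []
    for mountpoint, fstype, opts in parse_mounts(text):
        if fstype in PSEUDO_FS:
            continue
        if "rw" in opts and "noexec" not in opts:
            bad.append(mountpoint)
    return sorted(bad)


# Constructed sample mount table (not taken from any real host).
SAMPLE = """\
/dev/sda1 / ext3 ro 0 0
/dev/sda2 /usr ext3 ro,nodev 0 0
/dev/sda3 /home ext3 rw,nosuid,nodev,noexec 0 0
tmpfs /tmp tmpfs rw,nosuid,nodev 0 0
/dev/sda4 /var/my\\040data ext3 rw,noexec 0 0
proc /proc proc rw 0 0
/dev/sda5 /scratch ext3 rw 0 0
"""

if __name__ == "__main__":
    # Pass a file such as /proc/mounts as the argument, or run on the sample.
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE
    for mountpoint in violations(text):
        print("rw without noexec:", mountpoint)
```

The check covers mount options only; it does not look at the ownership or mode of /lib/ld-linux.so mentioned in the post.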




More information about the lfs-chat mailing list