Why shouldn’t someone use passwords in the command line?
Why do people fear writing passwords in the command line?
security
How can I limit ssh *remote* port forwarding?
I need to limit which ports can be remotely ‘ssh -R‘ forwarded by an user.
Execution of possibly harmful program on Linux
I’m writing a program that will test programs written by students. I’m afraid that I can’t trust them and I need to make sure that it won’t end up badly for the computer running it.
Can users in a group access a file that is in another user’s home directory?
I have 3 users A,B and C inside a group ‘admin’. I have another user ‘D‘ in whose home directory, there is a project folder. I have made D as the owner of that folder and assigned ‘admin’ as the group using chgrp. Group and owners have all the permissions, but still A,B or C are unable to access the folder. I have two question :
What is most secure and simplest way to have a user-typed password on bash become part of stdin to a program?
I’m looking for the (1) most secure and (2) simplest way to have a user type a password on a bash shell prompt and to have that password become part of stdin to a program.
What would be the best way to work around this glibc problem?
I administer a Gentoo Hardened box that uses file capabilities to eliminate most of the need for setuid-root binaries (e.g. /bin/ping has CAP_NET_RAW, etc).
Why is PATH reset in a sudo command?
After much frustrating head-brick-wall contact, I’ve discovered this: $ echo $PATH /usr/local/bin:/bin:/usr/bin:/usr/local/sbin:/usr/sbin:/sbin:/home/steve/bin $ sudo bash # echo $PATH /usr/local/bin:/bin:/usr/bin:/usr/local/sbin:/usr/sbin:/sbin but $ sudo bash -c 'echo $PATH' /sbin:/bin:/usr/sbin:/usr/bin $ sudo bash -Ec 'echo $PATH' /sbin:/bin:/usr/sbin:/usr/bin I gather from another post that the sudo path is read from /etc/sudoers — but why? Does setting $PATH in /root/.profile … Read more
D-Bus authentication and authorization
I’m trying to set up remote access to D-Bus, and I don’t understand how authentication and authorization are (not) working.
How can I automate gpg decryption which uses a passphrase while keeping it secret?
I am tasked with automating a gpg decryption using cron (or any Ubuntu Server compatible job scheduling tool). Since it has to be automated I used --passphrase but it ends up in the shell history so it is visible in the process list.
Ghost Vulnerability – CVE-2015-0235
Does the Ghost Vulnerability require access (as in being a logged in user) to the effected OS in question? Can someone clarify the ‘remote attacker that is able to make an application call’? I only seem to find tests to run on the local system directly but not from a remote host.