Re: execution policy for shells

To: Brett Lymn <blymn%baea.com.au@localhost>
Subject: Re: execution policy for shells
From: Thor Lancelot Simon <tls%panix.com@localhost>
Date: Thu, 23 Sep 2010 07:54:56 -0400

On Thu, Sep 23, 2010 at 09:22:21PM +0930, Brett Lymn wrote:
> On Thu, Sep 23, 2010 at 07:35:14AM -0400, Thor Lancelot Simon wrote:
> > 
> > It's "possible via veriexec" inasmuch as you can allow only the one
> > true blessed shell to run, and implement whatever policy you care to
> > in that shell.  This is how the VMS dynamic linker protected the rest
> > of the system from bad shared objects...
> 
> actually, veriexec can be more subtle than that.  You can bless
> certain shell scripts but deny the direct invocation of the shell
> interpreter.  That means that #!/bin/powershell at the top of the

In which case you can't even have an emergency login shell on your
system.  Not 100% sure what I think about that one.

Thor

Follow-Ups:
- Re: execution policy for shells
  - From: Brett Lymn

References:
- execution policy for shells
  - From: Jan Schaumann
- Re: execution policy for shells
  - From: Thor Lancelot Simon
- Re: execution policy for shells
  - From: Brett Lymn

Prev by Date: Re: execution policy for shells
Next by Date: Re: execution policy for shells
Previous by Thread: Re: execution policy for shells
Next by Thread: Re: execution policy for shells
Indexes:

Home | Main Index | Thread Index | Old Index