RUNZ security

From Hacktolive.org

Jump to: navigation, search

is RUNZ (formerly: SRUN) safe?

how runz works

the RUNZ framework mounts any file with the .runz extension
RUNZ framework asks if the user wants to run the file "autorun" inside the .runz file
If the user wants to do it, then "autorun" is launched as non-root user

Security measures

mount the .runz file as read-only
Only the root and the user that opened the file will have access to it's contents
RUNZ Framework expires the root session, before running the contents of the .runz (using sudo -k)

Feedback

Any other possible vulnerabilities? Please report them!

Retrieved from "http://hacktolive.org/wiki/RUNZ_security"

Views

Personal tools

Log in

Search

Toolbox