Ausnahme gefangen: SSL certificate problem: certificate is not yet valid ๐Ÿ“Œ Limit a process to a specific directory (and sub-directories)?
Team IT Security Nachrichtenportal Logo

๐Ÿ  Team IT Security News

TSecurity.de ist eine Online-Plattform, die sich auf die Bereitstellung von Informationen,alle 15 Minuten neuste Nachrichten, Bildungsressourcen und Dienstleistungen rund um das Thema IT-Sicherheit spezialisiert hat.
Ob es sich um aktuelle Nachrichten, Fachartikel, Blogbeitrรคge, Webinare, Tutorials, oder Tipps & Tricks handelt, TSecurity.de bietet seinen Nutzern einen umfassenden รœberblick รผber die wichtigsten Aspekte der IT-Sicherheit in einer sich stรคndig verรคndernden digitalen Welt.

16.12.2023 - TIP: Wer den Cookie Consent Banner akzeptiert, kann z.B. von Englisch nach Deutsch รผbersetzen, erst Englisch auswรคhlen dann wieder Deutsch!

Google Android Playstore Download Button fรผr Team IT Security
RSS Feed Symbol fรผr Team IT Security 800+ IT News als RSS Feed abonnieren



๐Ÿ“š Limit a process to a specific directory (and sub-directories)?


๐Ÿ’ก Newskategorie: Linux Tipps
๐Ÿ”— Quelle: reddit.com

Suppose I want to run a script, a command or a generic executable. Is there a way to prevent said process accessing files outside the current working directory?

I know there is chroot, but it's not very ergonomic because one has to prepare the virtual environment with all the dependencies.

macOS has a nice (but limited) feature that restricts access to common user directories (desktop, documents and so on) showing a dialog the first time a process is trying to access something inside these folders.

I guess I'm looking for a sandbox runtime like the one provided by deno and its Permission API

It is probably possible to achieve something similar using docker containers and mounting only specific volumes, I tried this by it wasn't good enough, the configuration wasn't trivial.

I'm wondering if there is something at the system level to achieve this with as little overhead as possible, both in terms of resources and time to configure.

โ€‹

For those interested in the "Why": when a user launches a process, it runs with the user permissions by default, thus it's able to read from (and write to) the file system just like a user is. This is something that really makes me uncomfortable because it means a malicious script/program can easily steal my ssh keys, not to mention all my personal and/or confidential data.

submitted by /u/inamestuff
[link] [comments] ...



Sharing is caring on Social Media

๐Ÿ”— Reddit
๐Ÿ”— Telegram
๐Ÿ”— LinkedIn
๐Ÿ”— Xing
๐Ÿ”— Twitter
๐Ÿ”— Whatsapp
๐Ÿ”— Facebook
๐Ÿ”— Flipboard

Join the Team IT Security Community

๐Ÿ”— "IT Sicherheit" Reddit-Gruppe
๐Ÿ”— "IT Sicherheit" Telegramm-Seite

๐Ÿ“Œ Limit a process to a specific directory (and sub-directories)?


๐Ÿ“ˆ 40.57 Punkte

๐Ÿ“Œ r/linuxhelp is a 10 year old subreddit that has 252 members and 3 active users as of now. This sub is pointless thanks to restricted submissions and honestly an absolute waste of the 'critical sub name'!!


๐Ÿ“ˆ 32.52 Punkte

๐Ÿ“Œ Garud - An Automation Tool That Scans Sub-Domains, Sub-Domain Takeover And Then Filters Out XSS, SSTI, SSRF And More Injection Point Parameters


๐Ÿ“ˆ 32.52 Punkte

๐Ÿ“Œ Pip Install Specific Versionโ€Šโ€”โ€ŠHow to Install a Specific Python Package Version with Pip


๐Ÿ“ˆ 27.78 Punkte

๐Ÿ“Œ SauronEye - Search Tool To Find Specific Files Containing Specific Words, I.E. Files Containing Passwords


๐Ÿ“ˆ 27.78 Punkte

๐Ÿ“Œ can anyone tell , while I am using Pycharm why so many python process are running, like as pycharm itself takes approx 1.5 gb memory(as you can see by process named java) , but right now , due to multiple python process my memory usage is 7.3gb .


๐Ÿ“ˆ 27.16 Punkte

๐Ÿ“Œ Optus lacking sub-1GHz spectrum drives decision to limit low-band spectrum holdings


๐Ÿ“ˆ 25.86 Punkte

๐Ÿ“Œ Malwoverview.py is a first response tool to perform an initial and quick triage in a directory containing malware samples, specific malware sample, suspect URL and domains. Additionally, it allows to download and send samples to main online sandboxes


๐Ÿ“ˆ 25.49 Punkte

๐Ÿ“Œ Developing a Company-Specific ChatGPT is One-Third Technology and Two-Thirds Process Improvements


๐Ÿ“ˆ 24.73 Punkte

๐Ÿ“Œ Cuvva: Time-limit Bypassing, Rate-limit Bypassing and Spamming at https://ops.cuvva.co


๐Ÿ“ˆ 24.56 Punkte

๐Ÿ“Œ How to Solve โ€œSub-process /usr/bin/dpkg returned an error code (1)โ€ In Ubuntu


๐Ÿ“ˆ 23.52 Punkte

๐Ÿ“Œ Kill Process Running on a Specific Port in Linux


๐Ÿ“ˆ 22.95 Punkte

๐Ÿ“Œ How to Wait for a Specific Process to Complete in Linux?


๐Ÿ“ˆ 22.95 Punkte

๐Ÿ“Œ CVE-2015-6829 | WP Limit Login Attempts Plugin up to 2.0.0 on WordPress HTTP Header wp-limit-login-attempts.php getip X-Forwarded-For/Client-IP sql injection (ID 1239492)


๐Ÿ“ˆ 22.77 Punkte

๐Ÿ“Œ Malwoverview - Tool To Perform An Initial And Quick Triage On Either A Directory Containing Malware Samples Or A Specific Malware Sample


๐Ÿ“ˆ 21.92 Punkte

๐Ÿ“Œ SharpSniper - Find Specific Users In Active Directory Via Their Username And Logon IP Address


๐Ÿ“ˆ 21.92 Punkte

๐Ÿ“Œ SharpSniper โ€“ Find Specific Users In Active Directory Via Their Username And Logon IP Address


๐Ÿ“ˆ 21.92 Punkte

๐Ÿ“Œ Process and data isolation strategies pt. 1 - Sandboxes and Process imprisonment


๐Ÿ“ˆ 21.68 Punkte

๐Ÿ“Œ Web Wiz NewsPad 1.02 rte_file_browser.asp sub directory traversal


๐Ÿ“ˆ 20.71 Punkte

๐Ÿ“Œ Web Wiz Forums 9.07 rte_file_browser.asp sub directory traversal


๐Ÿ“ˆ 20.71 Punkte

๐Ÿ“Œ Perl 5.8.0/5.8.1/5.8.3/5.8.4 Sub-Directory File::Path::rmtree race condition


๐Ÿ“ˆ 20.71 Punkte

๐Ÿ“Œ I want to print directory name and complete path of the file using recursion ? what is wrong with this code it only print one directory at a time .. i want to do it for all directory recursively ???


๐Ÿ“ˆ 20.51 Punkte

๐Ÿ“Œ Microsoft Windows 8.1 Console Driver Job Object Process Limit Bypass


๐Ÿ“ˆ 20.44 Punkte

๐Ÿ“Œ Microsoft Windows 8.1 Console Driver Job Object Process Limit Bypass


๐Ÿ“ˆ 20.44 Punkte

๐Ÿ“Œ How to limit process resource usage


๐Ÿ“ˆ 20.44 Punkte

๐Ÿ“Œ How to view the open file limit for a Linux process


๐Ÿ“ˆ 20.44 Punkte

๐Ÿ“Œ How to use โ€˜cpโ€™ command to exclude a specific directory


๐Ÿ“ˆ 20.13 Punkte

๐Ÿ“Œ How to Pull Specific Directory With Git


๐Ÿ“ˆ 20.13 Punkte

๐Ÿ“Œ trying to search multiple directories for a specific date and copy file from the directory with that date


๐Ÿ“ˆ 20.13 Punkte

๐Ÿ“Œ How to Extract Tar Files to Specific or Different Directory in Linux


๐Ÿ“ˆ 20.13 Punkte

๐Ÿ“Œ Vuln: IBM Business Process Manager Advanced and WebSphere Process Server Security Bypass Vulnerability


๐Ÿ“ˆ 19.9 Punkte

๐Ÿ“Œ Vuln: IBM Business Process Manager Advanced and WebSphere Process Server Security Bypass Vulnerability


๐Ÿ“ˆ 19.9 Punkte

๐Ÿ“Œ Sysinternals Updates: Process Explorer v17.0, Handle v5.0, Process Monitor v3.92 and Sysmon v14.11, (Sun, Oct 30th)


๐Ÿ“ˆ 19.9 Punkte

๐Ÿ“Œ Station is a convergent terminal emulator. A good fit for mobile devices a with the updates more featured completed: alerts on finished process, search highlighter, close process warnings and much more.


๐Ÿ“ˆ 19.9 Punkte

๐Ÿ“Œ I am using fzf fuzzy finder to filter process and kill it. The command works but when i pass it as as alias in .zshrc, it kills the process but throws following warnings. Is there better/correct way to do it ?


๐Ÿ“ˆ 19.9 Punkte











matomo

Kontakt

24/7 kontakt@tsecurity.de

Weitere Informationen

Google Android Playstore Download Button fรผr Team IT Security
๐Ÿ”— Impressum
๐Ÿ”— Datenschutz
Paypal Spenden fรผr Projekt

Social Media

๐Ÿ”— Facebook
๐Ÿ”— Reddit
๐Ÿ”— Team IT Security als Elektron App
๐Ÿ”— © 2015-2023 Team IT Security Nachrichtenportal รผber Cybersecurity
๐Ÿ”— CMS "myDraft" a PHP Portal Software