Changes between Version 7 and Version 8 of Security


Ignore:
Timestamp:
10/24/08 16:07:58 (8 years ago)
Author:
anonymous
Comment:

--

Legend:

Unmodified
Added
Removed
Modified
  • Security

    v7 v8  
    55This represents an increased security risk to your system compared to most programs, because you are being asked not just to trust the code you install today, but also the updates Shepherd receives in the future. If you would like to reduce your security exposure, there are several things you can do. 
    66 
     7=== !AppArmor === 
     8The ideal solution is to allow Shepherd to run normally, but restrict it from doing anything abnormal. See [wiki:SecurityAppArmor Securing Shepherd with AppArmor] for details. 
     9 
     10=== Run as its own user === 
     11If you install Shepherd as its own user, it will be limited by the permissions of that user. If you do this, though, you'll need to switch to this user every time you want to manually execute Shepherd commands, because Shepherd won't allow itself to be manipulated by a user other than that used to install it. 
     12 
     13(If you try, it will begin to install a new copy for the new user. And multiple copies of Shepherd can make life confusing.) 
     14 
    715=== Turn off auto-update === 
    8  
    916When run with the --noupdate option, Shepherd will grab data but never update itself. This makes the security risk of running Shepherd the same as any other program. 
    1017 
     
    1320This is not recommended, because bugfixes and improvements to Shepherd and its components are made available very frequently, and these improve the quality, quantity, and reliability of the guide data acquired. If you do choose to run Shepherd with --noupdate, we recommend that you periodically perform a manual --update in order to get these updates, even if your guide data seems fine. 
    1421 
    15 === Run as its own user === 
    16  
    17 If you install and execute Shepherd as its own user, it will be limited by the permissions of that user. 
    18  
    19 === !AppArmor === 
    20  
    21 A good solution is to allow Shepherd to auto-update, but place limits on what it can do. See [wiki:SecurityAppArmor Securing Shepherd with AppArmor] for details. 
    22  
    2322== Related Pages == 
    2423See also: [wiki:SecurityDebian2 Security for Debian Based Distributions.]