Let’s say I want to enforce certain settings, such as the use of a proxy in network settings for certain users.
Isn’t this easily bypassable by for example by installing TOR browser or using a VPN app in the user space?
How does system mangers can be sure users will only use the system as planned by the sysadmin? I’m especially interested in network settings, but in general I would be interested to know more about this/be pointed towards the right direction.
Thank you!
You can simply just download a binary and run it.
Mounting home and temp partitions with
noexecshould prevent that.Nah, still easy to circumvent. This should work: https://github.com/hackerschoice/memexec, or (for dynamic exes) just call them through
ld-linux.Many electron apps will break because they install some executables into ~/. config
So double win!
Sure but will it bypass your established network routing if it can’t change it?
And that would be enough to bypass root settings?
If someone wants to prevent users to mess with the system should he just disallow downloads entirely/confine the user into an intranet?
Depends on the root setting. And depends on your goal. What is the purpose of the proxy? I doubt that it is easy to bypass, but you still could run a Proxy or VPN as user, this would not bypass the proxy but any filtering/blocking would not be possible. Etc