#3
12th June 2008
cursedcompiler

Standard Unix filesystem permissions should be adequate to protect a system from its users (the defaults on OpenBSD are good enough), but if you're really paranoid, you should run NetBSD (has veriexec, per-user /tmp and a security.curtain sysctl) or FreeBSD (has a complete MAC framework and lots of other goodies from the TrustedBSD project). On OpenBSD, you can always tighten the filesystem permissions some more, or slap immutable flags on files, or mount partitions read-only, or chroot your users in their own environment (lots of work, if you want to do that)...