Kernel “Trusted Path Execution” patch (tpe)
I just finished a patch to the Linux kernel which implements “trusted path execution”.
You can specify a trusted directory, and a group that is marked as either “trusted” or “untrusted”.
If the group is untrusted, all users belonging to this group will only be able to execute files from the trusted directory. If the group is trusted, all users will only be able to execute files from the trusted directory, except users belonging to the group (and root, of course).
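The decision rule described above, as an added example: a userspace model written for this page, not code from the patch or from grsecurity. The struct and function names, the sample directory, gid and users, and the path-prefix test for "inside the trusted directory" are all assumptions.

```c
#include <stdbool.h>
#include <stdio.h>
#include <string.h>
#include <sys/types.h>

/* Userspace model of the policy described above; every name is hypothetical. */
struct tpe_policy { const char *trusted_dir; gid_t gid; bool group_is_trusted; };
struct tpe_user   { uid_t uid; gid_t groups[4]; size_t ngroups; };

/* Constructed sample data: directory, gid and users are made up. */
const struct tpe_policy UNTRUSTED_MODE = { "/usr/bin", 1005, false };
const struct tpe_policy TRUSTED_MODE   = { "/usr/bin", 1005, true };
const struct tpe_user ROOT  = { 0,    { 0 },          1 };
const struct tpe_user ALICE = { 1000, { 1000, 1005 }, 2 }; /* in the group */
const struct tpe_user BOB   = { 1001, { 1001 },       1 }; /* not in it */

static bool in_group(const struct tpe_user *u, gid_t gid)
{
    for (size_t i = 0; i < u->ngroups; i++)
        if (u->groups[i] == gid)
            return true;
    return false;
}

/* Assumptions: path is absolute and canonical (no "..", symlinks resolved),
 * dir has no trailing slash, and subdirectories of dir count as trusted.
 * The prefix must end on a '/' so /usr/bin-evil/x is not "inside" /usr/bin. */
static bool under_dir(const char *dir, const char *path)
{
    size_t n = strlen(dir);
    return strncmp(dir, path, n) == 0 && path[n] == '/' && path[n + 1] != '\0';
}

/* Untrusted group: only its members are confined to the trusted directory.
 * Trusted group: everyone is confined except its members and root.
 * Root in untrusted mode is not described, so only membership is checked. */
static bool tpe_may_exec(const struct tpe_policy *p, const struct tpe_user *u,
                         const char *path)
{
    bool member = in_group(u, p->gid);
    bool confined = p->group_is_trusted ? (!member && u->uid != 0) : member;
    return !confined || under_dir(p->trusted_dir, path);
}

int main(void)
{
    printf("%d\n", tpe_may_exec(&TRUSTED_MODE, &BOB, "/tmp/x")); /* prints 0 (deny) */
    return 0;
}
```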
Get it here: linux-2.6.18-tpe_restriction (patch, 5 KB)
The patch is based on grsecurity – so credits go to Brad Spengler.