[plug] Linux security idea - maybe
Bernard Blackham
bernard at blackham.com.au
Thu Jun 12 22:21:42 WST 2003
On Thu, Jun 12, 2003 at 09:12:14PM +0800, Denis Brown wrote:
> It seems to me that the Holy Grail of breaking into a computer system is
> to achieve administrative access.
One solution that's being developed is SELinux (Security Enhanced
Linux). AIUI, the idea is that you specify a security policy that
allows more finely grained control over who can do what. In the
example used it was demonstrated that even if you remotely gain
root, you still (as microsoft put it) CDS[1]. eg, see
http://www.coker.com.au/selinux/play.html
With SELinux you can setup a machine such that you can only do
certain things if you are physically sitting at the console (in
which case your security can be considered pretty compromised
anyway). This might be an inconvenience for some, but the option is
there if needed.
I've never done it before though, only read about it :)
More info at http://www.nsa.gov/selinux/
Regards,
Bernard.
[1] http://bbspot.com/News/2002/09/cds.html
--
Bernard Blackham
bernard at blackham dot com dot au
More information about the plug
mailing list