[plug] Linux security idea - maybe
Denis Brown
dsbrown at cyllene.uwa.edu.au
Thu Jun 12 22:58:02 WST 2003
On Thu, 12 Jun 2003, Bernard Blackham wrote:
> On Thu, Jun 12, 2003 at 09:12:14PM +0800, Denis Brown wrote:
> > It seems to me that the Holy Grail of breaking into a computer system is
> One solution that's being developed is SELinux (Security Enhanced
> Linux). AIUI, the idea is that you specify a security policy that
> allows more finely grained control over who can do what. In the
> example used it was demonstrated that even if you remotely gain
> root, you still (as microsoft put it) CDS[1]. eg, see
> http://www.coker.com.au/selinux/play.html
Thanks, I'll have a play.
> With SELinux you can setup a machine such that you can only do
> certain things if you are physically sitting at the console (in
> which case your security can be considered pretty compromised
> anyway). This might be an inconvenience for some, but the option is
> there if needed.
>
> I've never done it before though, only read about it :)
> More info at http://www.nsa.gov/selinux/
Hmmm... can't get in. National Security Agency, eh? Maybe my home
Wintel system is considered a weapon of mass destruction :-)
Cheers,
Denis
More information about the plug
mailing list