|
|
|
|
|
|
Digg |
|
|
|
SELinux provides a comprehensive Mandatory Access Control system for Linux, if you are ready for all the details.
SELinux is a security-enhanced adaptation of the Linux kernel developed under the auspices of the US National Security Agency (NSA). According to the NSA, SELinux works by enforcing “access control policies that confine user programs and system servers to the minimum amount of privilege they need to do their job.” The security of an ordinary Linux system is based on a concept known as Discretionary Access Control (DAC). In a DAC system, a user is granted access to a resource (such as a file or directory) based on the user’s credentials, and users have the discretion to modify permissions for any resources they happen to control. This design gives attackers a means for gaining entry to a system. If root launches the Adobe Reader to access a PDF from an untrusted source, an attacker could exploit a vulnerability to start a root shell, even though root shells have nothing to do with what Adobe Reader is supposed to be doing.
|
|
|
| Related Articles | |
|---|---|
| COUNTERPOINT | Novell and Red Hat security experts face off on AppArmor and SELinux |
| BREAKING IN AND KEEPING OUT | Kernel 2.6 rootkits and the quest for Linux security |
| PROTECTIVE ARMOR | Shutting out intruders with AppArmor |
| BOOK REVIEWS | |
| LINUX IN LINUX | Getting started with User-Mode Linux |
| PREVENTION | Staying one step ahead of the intruders |
| Wherever you go... |
|---|
...Linux Magazine goes with you!Check out the advantages of a Digital Subscription:
|
Comments