Spotlight | Reviews | Current Issue | Newsletter | Subscribe | Contact
News
Features
Blogs
White Papers
Conference Videos
Departments
Current Issue
Special Editions
Spotlight
Reviews
LUGs
Event Calendar
Archives
     2008
     2007
     2006
     2005
Article Code


price comparison with idealo.com
Price comparison for:
fast servers for your business solution, fast notebooks for long flights, software for good results, TomTom navigation systems, PC hardware, Plasma and LCD TVs, Computer Hardware and Software, MP3 Player, highend Laptops and many more. Get reviews of your favourite digital camera or  of  new dvd-players.

user friendly

  linux-magazine.com » Issues » 2006 » 69 » SECURITY HARDENED  

Mandatory Access Control with SELinux

SECURITY HARDENED

Author(s): RALF SPENNEBERG

SELinux provides a comprehensive Mandatory Access Control system for Linux, if you are ready for all the details.

SELinux is a security-enhanced adaptation of the Linux kernel developed under the auspices of the US National Security Agency (NSA). According to the NSA, SELinux works by enforcing “access control policies that confine user programs and system servers to the minimum amount of privilege they need to do their job.” The security of an ordinary Linux system is based on a concept known as Discretionary Access Control (DAC). In a DAC system, a user is granted access to a resource (such as a file or directory) based on the user’s credentials, and users have the discretion to modify permissions for any resources they happen to control. This design gives attackers a means for gaining entry to a system. If root launches the Adobe Reader to access a PDF from an untrusted source, an attacker could exploit a vulnerability to start a root shell, even though root shells have nothing to do with what Adobe Reader is supposed to be doing.


Read full article as PDF »


Comments


Slashdot it! Delicious Digg
Related Articles
COUNTERPOINT Novell and Red Hat security experts face off on AppArmor and SELinux
BREAKING IN AND KEEPING OUT Kernel 2.6 rootkits and the quest for Linux security
PROTECTIVE ARMOR Shutting out intruders with AppArmor
BOOK REVIEWS
LINUX IN LINUX Getting started with User-Mode Linux
PREVENTION Staying one step ahead of the intruders
Video Archive USENIX Security '08

Video Archive USENIX Security '08

Look here for archived tutorials and talks from USENIX Security '08. Each comprises a video and recorded presentation slides which are shown parallel to the talk.

Find out more

 

In the US and Canada, Linux Magazine is known as Linux Pro Magazine.
Entire contents © 2008 [Linux New Media USA, LLC]
Linux New Media web sites:
North America: [Linux Pro Magazine]
UK/Worldwide: [Linux Magazine]
Germany: [Linux-Magazin] [LinuxUser] [EasyLinux] [Linux-Community] [Linux-Nachrichten] [Linux Events]
Eastern Europe: [Linux Magazine Poland] [Linux Community Poland] [Darmowe Programy Poland] [Open Source DVD Poland] [Linux Magazin Romania]
International: [Linux Magazine Brazil] [Linux Magazine Spanish]
Corporate: [Linux New Media AG]