[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: [ardour-dev] ardour

On Thu, 12 Sep 2002 00:46, Paul Davis wrote:
> as for security issues, thats pretty much irrelevant for a program
> that to be used as intended, requires root priviledge or various
> capabilities that make it possible to do anything with the
> machine. such a program is a massive security hole, and will be until
> the basic level of security granularity in the kernel changes. i'm not
> particularly interested in issues like a buffer overflow fix in some
> C++ library when the program itself is a such a huge security hole.

Having a program running with unrestricted access to the machine is the best 
reason for being particularly concerned about the possibility of buffer 
overflows etc.

Also you can use SE Linux to lock down root processes.  For a few months I ran 
a machine with an open root password on the net and no-one managed to abuse 
it...  With SE Linux I can lock down the access of any process to any degree 
I like.

Also LIDS, DTE, and GRSec are other options for securing Linux machines and 
reducing the abilities of root processes, but I have not tested LIDS and DTE 
myself and have not used the full capabilities of GRSec so I can't comment on 
them in detail.

I do not get viruses because I do not use MS software.
If you use Outlook then please do not put my email address in your
address-book so that WHEN you get a virus it won't use my address in the
>From field.

Reply to: