
Re: Root is God? (was: Mutt & tmp files)



On Fri, Nov 16, 2001 at 04:13:16AM -0900, Ethan Benson wrote:

> > > Root is God. Anything you do on the system is potentially visible to
> > > root.

this is, with the right patches applied, not true.

> > What about rsbac? Are there other strategies against root available?
> 
> root usually has physical access to the hardware anyway.

but root usually also does have remote access.

take a look at http://www.lids.org LIDS. this is a kernel patch to
separate root from the kernel (a new level of security) by having
capability and mandatory access control list support in your kernel. you
can very fine tune the setup. for a real linux multi-user system, it's the
perfect security patch.


