On Fri, Nov 16, 2001 at 02:36:30PM +0100, Mathias Gygax wrote:
> On Fre, Nov 16, 2001 at 04:13:16AM -0900, Ethan Benson wrote:
>
> > > > Root is God. Anything you do on the system is potentially visible to
> > > > root.
>
> this is, with the right patches applied, not true.
>
> > > What's about rsbac? Are there other strategies against root available?
> >
> > root usually has physical access to the hardware anyway.
>
> but root usually also does have remote access.
>
> take a look at http://www.lids.org LIDS. this is a kernel patch to
> separate root from the kernel (a new level of security) by having
> capability and mandatory access control list support in your kernel. you
> can very fine tune the setup. for a real linux multi-user system, it's the
> perfect security patch.

which root is free to turn off since he knows the password.

-- 
Ethan Benson
http://www.alaska.net/~erbenson/