[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Root is God? (was: Mutt & tmp files)

On Fri, Nov 16, 2001 at 02:36:30PM +0100, Mathias Gygax wrote:
> On Fre, Nov 16, 2001 at 04:13:16AM -0900, Ethan Benson wrote:
> > > > Root is God. Anything you do on the system is potentially visible to
> > > > root.
> this is, with the right patches applied, not true.
> > > What's about rsbac? Are there other strategies against root available?
> > 
> > root usually has physical access to the hardware anyway.
> but root usually also does have remote access.
> take a look at http://www.lids.org LIDS. this is a kernel patch to
> seperate root from the kernel (a new level of security) by having
> capability and mandatory access control list support in your kernel. you
> can very fine tune the setup. for a real linux multi-user system, it's the
> perfect secruity patch.

which root is free to turn off since he knows the password.

Ethan Benson

Attachment: pgp8NfmGk2NKn.pgp
Description: PGP signature

Reply to: