
Re: Root is God? (was: Mutt & tmp files)



On Fri, Nov 16, 2001 at 02:36:30PM +0100, Mathias Gygax wrote:
> On Fre, Nov 16, 2001 at 04:13:16AM -0900, Ethan Benson wrote:
> 
> > > > Root is God. Anything you do on the system is potentially visible to
> > > > root.
> 
> this is, with the right patches applied, not true.
> 
> > > What's about rsbac? Are there other strategies against root available?
> > 
> > root usually has physical access to the hardware anyway.
> 
> but root usually also does have remote access.
> 
> take a look at http://www.lids.org LIDS. this is a kernel patch to
> separate root from the kernel (a new level of security) by having
> capability and mandatory access control list support in your kernel. you
> can very fine tune the setup. for a real linux multi-user system, it's the
> perfect security patch.

which root is free to turn off since he knows the password.

-- 
Ethan Benson
http://www.alaska.net/~erbenson/
