
Re: Debian suggestion on File Deletion

Hi David,

Thanks for your suggestion,

On Wed, Dec 12, 2007 at 12:19:28PM -0800, David de Hilario Richards wrote:
> The system/administration section of the OS is password protected.
> This is a good protection against viruses etc that would attack the OS
> but maybe the Debian developers could include password protecting
> Emptying the Trash. So when you delete files, they would be sent to
> the Trash as always but if you want to empty it, a user password would
> be necessary. This would prevent harm from viruses even though I
> understand that Linux has very few of them.
> The same idea could be applied to the Terminal. The Terminal would ask
> for a password every time you would want to delete a file.

The problem is, a malicious program (virus, etc) does not need a
Terminal or Trash to delete files. It just directly asks the operating
system kernel to do that. The kernel obeys if (simplifying) the program
is running as the user who owns the file to be deleted. This is often
the case.

However, there is functionality called SELinux (Security Enhanced Linux
if memory serves) which allows one to say specifically which programs are
allowed to perform what actions. It makes it possible to restrict
malicious programs from doing anything malicious.

SELinux is available in the current stable release of Debian.

Unfortunately, it is quite difficult to configure, and currently causes
problems with programs which are not malicious as well. We hope to get
it more useful in future Debian releases.


Marcin Owsiany <porridge@debian.org>             http://marcin.owsiany.pl/
GnuPG: 1024D/60F41216  FE67 DA2D 0ACA FC5E 3F75  D6F6 3A0D 8AA0 60F4 1216
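
The point made in the reply above, that deletion is a direct request to the kernel, shown as an added C example (not part of the original message). It goes slightly beyond the simplified ownership rule in the message: for `unlink()` the kernel checks the calling user's write permission on the containing directory. The scratch directory and file name are constructed for the demonstration.

```c
#ifndef _XOPEN_SOURCE
#define _XOPEN_SOURCE 700 /* for mkdtemp() */
#endif
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Create a scratch directory holding one file, set the directory's mode,
 * then ask the kernel to delete the file with a single unlink() call.
 * Returns 0 if the file was deleted, the errno from unlink() if the
 * kernel refused, or -1 on a setup error. Paths are constructed. */
int unlink_with_dir_mode(mode_t dir_mode)
{
    char dir[] = "/tmp/unlink-demo-XXXXXX";
    char path[64];
    struct stat st;
    int fd, result;

    if (mkdtemp(dir) == NULL)
        return -1;
    snprintf(path, sizeof path, "%s/sample.txt", dir);
    fd = open(path, O_CREAT | O_WRONLY | O_EXCL, 0600);
    if (fd < 0 || chmod(dir, dir_mode) != 0) {
        if (fd >= 0) { close(fd); unlink(path); }
        rmdir(dir);
        return -1;
    }
    close(fd);

    /* No Trash, no Terminal, no prompt: one system call. */
    result = (unlink(path) == 0) ? 0 : errno;

    /* A successful unlink means the name no longer exists. */
    if (result == 0 && (stat(path, &st) == 0 || errno != ENOENT))
        result = -1;

    chmod(dir, 0700);   /* restore access so cleanup can proceed */
    unlink(path);       /* no-op if the file is already gone */
    rmdir(dir);
    return result;
}

int main(void)
{
    printf("directory writable (0700):  %d\n", unlink_with_dir_mode(0700));
    printf("directory read-only (0500): %d (EACCES is %d)\n",
           unlink_with_dir_mode(0500), EACCES);
    return 0;
}
```

Run as an ordinary user, the second call is refused with `EACCES`; run as root it normally succeeds, because root bypasses the directory permission check.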
