Re: Is LIDS a good idea?

To: mdevin@ozemail.com.au, Debian-user <debian-user@lists.debian.org>
Subject: Re: Is LIDS a good idea?
From: Christian Jaeger <christian.jaeger@sl.ethz.ch>
Date: Fri, 30 Nov 2001 21:38:00 +0100
Message-id: <p04320400b82d9d1336e7@[192.168.3.11]>
In-reply-to: <fyaWC.A.czD.8BuB8@murphy>
References: <fyaWC.A.czD.8BuB8@murphy>

Just as a note:

LIDS really makes use of the capabilities stuff that is in the kernelanyway. Well it complements it with file access control lists (andmaybe some other stuff, I don't have much experience with LIDS), butnot everything in LIDS is it's own invention. I think really itshould be the software (the deamons running as root) itself whichshould make use of the capabilities, instead of leaving this task tothe administrator.

Also it's probably generally not that a good (well thought out) ideato transfer the security border from root_space <-> normal_user_spaceto lids_protected_space <-> root_and_normal_user_space; there will besecurity holes in LIDS too..


christian.

Reply to:

Follow-Ups:
- Re: Is LIDS a good idea?
  - From: Mathias Gygax <mg@trash.net>

Prev by Date: Custom Kernel Confusion --- What to do?
Next by Date: Re: Tar dependencies broken?
Previous by thread: Re: Is LIDS a good idea?
Next by thread: Re: Is LIDS a good idea?
Index(es):
- Date
- Thread