Re: Root privilege (SOLVED)

To: debian-user@lists.debian.org
Cc: Kevin Mark <kevin.mark@verizon.net>, "Roberto C. Sanchez" <roberto@connexer.com>
Subject: Re: Root privilege (SOLVED)
From: cga2000 <cga2000@optonline.net>
Date: Wed, 24 Jan 2007 19:30:12 -0500
Message-id: <[🔎] 20070125003012.GC1407@turki.gavron.org>
Mail-followup-to: debian-user@lists.debian.org, Kevin Mark <kevin.mark@verizon.net>, "Roberto C. Sanchez" <roberto@connexer.com>
In-reply-to: <[🔎] 20070122061452.GD6500@localhost>
References: <[🔎] lhrf74xcvc.ln2@ursa-major.ursine.ca> <[🔎] 20070110225218.GF12265@turki.gavron.org> <[🔎] 20070111100633.5206dbee@think.homenet> <[🔎] 20070111190155.GI12265@turki.gavron.org> <[🔎] 20070111230601.55081cf5@think.homenet> <[🔎] 20070112002502.GK12265@turki.gavron.org> <[🔎] 20070112143911.GA2566@jardine.de> <[🔎] 20070122043614.GA1407@turki.gavron.org> <[🔎] 20070122055304.GG16932@santiago.connexer.com> <[🔎] 20070122061452.GD6500@localhost>

On Mon, Jan 22, 2007 at 01:14:53AM EST, Kevin Mark wrote:
> On Mon, Jan 22, 2007 at 12:53:04AM -0500, Roberto C. Sanchez wrote:
> > On Sun, Jan 21, 2007 at 11:36:15PM -0500, cga2000 wrote:
> > > 
> > > What I had in mind was a flexible model where different actors of the
> > > system can be provided with the privileges required to perform their
> > > duties--no more .. no less.
> > > 
> > You want selinux.
> At the moment, Etch will include SELinux support but it will not be
> active. The two policies for it are strict and targeted. Targeted policy
> is more developed as it suites more common useage for protection from
> external attacks only for a webserver. At this point, if you want
> internal protection also, then you will have to develop a custom policy
> based upon the current strict policy.
> Cheers,
> Kev

Thanks to both.  

The docs on the NSA site are very enlightening.

The next step would require my installing etch with selinux enabled on a
test box and playing with it for an extended period of time to get a
better understanding of the issues involved .. and experience first-hand
the usability (or absence thereof?) of this environment.

Hopefully I'll find time to do that later this year.

Thanks much for your comments.

cga

Reply to:

References:
- Re: Root privilege (SOLVED)
  - From: Paul Johnson <baloo@ursine.ca>
- Re: Root privilege (SOLVED)
  - From: cga2000 <cga2000@optonline.net>
- Re: Root privilege (SOLVED)
  - From: Andrei Popescu <andreimpopescu@gmail.com>
- Re: Root privilege (SOLVED)
  - From: cga2000 <cga2000@optonline.net>
- Re: Root privilege (SOLVED)
  - From: Andrei Popescu <andreimpopescu@gmail.com>
- Re: Root privilege (SOLVED)
  - From: cga2000 <cga2000@optonline.net>
- Re: Root privilege (SOLVED)
  - From: David Jardine <david@jardine.de>
- Re: Root privilege (SOLVED)
  - From: cga2000 <cga2000@optonline.net>
- Re: Root privilege (SOLVED)
  - From: "Roberto C. Sanchez" <roberto@connexer.com>
- Re: Root privilege (SOLVED)
  - From: Kevin Mark <kevin.mark@verizon.net>

Prev by Date: Re: shopping for an HTML editor
Next by Date: Re: shopping for an HTML editor
Previous by thread: Re: Root privilege (SOLVED)
Next by thread: Re: Root privilege (SOLVED)
Index(es):
- Date
- Thread