
SELinux



So, in an attempt to get back on-topic, I thought I'd throw out the
tiny bit of information that I've learned about SELinux
(http://www.nsa.gov/selinux/), or at least the version of it that will
ship with Fedora Core 2.  I don't know if my descriptions or terms are
right or not, but this is what I've gathered from the limited reading
I've done.

First, apparently SELinux lets you set really fine-grained access
controls on a per-program basis.  Apparently the tests for those
things only happen *after* regular Unix-y permissions are checked
though.

Second, apparently there are two "modes" for SELinux.  In "permissive"
mode, anything is allowed unless specifically disallowed.  In other
words, things work mostly like they would with SELinux disabled. 
(Odds are that I'll stick with this if/when I actually set up any
systems with FC2.)  In "restricted" mode, SELinux will deny anything
not specifically granted.  Apparently Red Hat is trying to get FC2 to
work properly in restricted mode, which means going around setting
policy for *every* executable on the system.

I've seen two interesting suggestions for real-world benefits to all
this complexity.  First, you could effectively ignore buffer overruns
and other such exploits if you could deny your various daemons the
ability to use any of the exec family of system calls.  (Shellcode
doesn't do you any good if you can't run a shell.)  Second, it would
be fairly easy to implement an OSX-like system that would still be
secure.  Users at the console could be allowed to run setuid programs
to do admin things, with the kernel and not the setuid program
deciding who is really running on the console.

I'd be interested to know if anyone on the list has actually worked
with it yet...

Steve
-- 
steve@silug.org           | Southern Illinois Linux Users Group
(618)398-7360             | See web site for meeting details.
Steven Pritchard          | http://www.silug.org/
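
An added illustration of the exec restriction mentioned in the message (not part of the original post): a Python parser over constructed audit records that lists the process domains denied execute permission on a file and reports whether each denial was enforced or only logged. The domain names `exampled_t` and `otherd_t` and all sample records are constructed for the example.

```python
import re

# Constructed sample records in the AVC format written by the audit subsystem.
SAMPLE_LOG = """\
type=AVC msg=audit(1700000000.101:410): avc:  denied  { execute } for  pid=2211 comm="exampled" name="sh" dev="dm-0" ino=131 scontext=system_u:system_r:exampled_t:s0 tcontext=system_u:object_r:shell_exec_t:s0 tclass=file permissive=0
type=AVC msg=audit(1700000003.552:411): avc:  denied  { read } for  pid=2211 comm="exampled" name="shadow" dev="dm-0" ino=977 scontext=system_u:system_r:exampled_t:s0 tcontext=system_u:object_r:shadow_t:s0 tclass=file permissive=0
type=AVC msg=audit(1700000009.004:412): avc:  denied  { execute execute_no_trans } for  pid=3050 comm="otherd" path="/usr/bin/bash" dev="dm-0" ino=131 scontext=system_u:system_r:otherd_t:s0 tcontext=system_u:object_r:shell_exec_t:s0 tclass=file permissive=1
type=SYSCALL msg=audit(1700000009.004:412): arch=c000003e syscall=59 success=yes exit=0 comm="otherd"
"""

AVC_RE = re.compile(r'avc:\s+denied\s+\{ (?P<perms>[^}]+)\} for\s+(?P<fields>.*)')
FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')
# File permissions a process needs before it can exec another program.
EXEC_PERMS = {"execute", "execute_no_trans"}


def exec_denials(log):
    """Return one finding per AVC record that denied exec-related file access."""
    findings = []
    for line in log.splitlines():
        m = AVC_RE.search(line)
        if not m:
            continue  # not an AVC denial (e.g. the paired SYSCALL record)
        perms = set(m.group("perms").split())
        fields = {k: v.strip('"') for k, v in FIELD_RE.findall(m.group("fields"))}
        hit = perms & EXEC_PERMS
        if fields.get("tclass") != "file" or not hit:
            continue
        findings.append({
            # The third field of a security context is the type (domain).
            "domain": fields["scontext"].split(":")[2],
            "target_type": fields["tcontext"].split(":")[2],
            "comm": fields.get("comm"),
            "perms": sorted(hit),
            # permissive=0: the denial was enforced; permissive=1: logged only.
            "blocked": fields.get("permissive") == "0",
        })
    return findings


if __name__ == "__main__":
    for f in exec_denials(SAMPLE_LOG):
        state = "blocked" if f["blocked"] else "logged only"
        print(f'{f["comm"]} ({f["domain"]}) -> {f["target_type"]} '
              f'{f["perms"]}: {state}')
```
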
