Technology news and Jobs 
Our Blogs Open Sauce LCA 2009: Making Linux more secure
Our Blogs Open Sauce LCA 2009: Making Linux more secure | LCA 2009: Making Linux more secure |
|
| by Sam Varghese | |
| Friday, 16 January 2009 | |
|
Page 2 of 3 Offering up a play machine online helps to improve SE Linux - many configuration errors were found in the early days as the policy which was designed at that time was not designed to be used on a machine with public root access. Featured Whitepaper
5 Best Practices for Smartphone Support
"Also some issues were discovered with general Unix code - for example, if UID==0 the 'locate'" program didn't check permissions and the pam_unix.so library did not launch the unix_chkpwd program if it couldn't open /etc/shadow. While these are unusual corner cases they could affect systems that didn't use SE Linux," says Russell. "The locate issue was discovered by a user on my play machine." Russell's use of a play machine has helped developed a stronger security policy; if anyone gains unauthorised root access on a SE Linux machine they will now not be able to do anything dangerous. Additionally, their attempts to damage the machine will be logged clearly. "It also helped start the SE Linux community. The #selinux IRC channel originally started as a support channel for my play machine," he says. At next week's Australian national Linux conference, Russell will be giving a talk on the state of play in SE Linux with regard to the forthcoming Debian version, Lenny, a summary of how development has progressed. SE Linux will not be part of the default or standard install in Lenny but it will be better integrated and have more features, Russell says. "Discussion is starting on what level of support will be in the Debian installer for future versions of Debian." CONTINUED |
| < Next story in category | Previous story in the category > |
|---|
