Sam Varghese
Friday, 16 January 2009 05:22
Opinion and Analysis
Offering up a play machine online helps to improve SE Linux: many configuration errors were found in the early days, because the policy of that time was not designed to be used on a machine with public root access.
"Also some issues were discovered with general Unix code - for example, if UID==0 the 'locate' program didn't check permissions and the pam_unix.so library did not launch the unix_chkpwd program if it couldn't open /etc/shadow. While these are unusual corner cases they could affect systems that didn't use SE Linux," says Russell. "The locate issue was discovered by a user on my play machine."
Russell's use of a play machine has helped develop a stronger security policy; if anyone gains unauthorised root access on an SE Linux machine they will now not be able to do anything dangerous. Additionally, their attempts to damage the machine will be logged clearly.
"It also helped start the SE Linux community. The #selinux IRC channel originally started as a support channel for my play machine," he says.
At next week's Australian national Linux conference, Russell will be giving a talk on the state of play in SE Linux with regard to the forthcoming Debian version, Lenny, a summary of how development has progressed.
SE Linux will not be part of the default or standard install in Lenny but it will be better integrated and have more features, Russell says. "Discussion is starting on what level of support will be in the Debian installer for future versions of Debian."