Jeffry Smith wrote:
> Basically, all the security is to prevent them from compromising your
> system (OK, if you get into the B levels of security, you can do some
> compartmentalizing of the risks, but I don't think Linux is there yet
> - the closest I know of is to use User Mode Linux, everything passes
> up, so the most they compromise is one Linux instance [I think, I
> admit not being hugely familiar with UML])
I disagree with this assessment. I think that Linux is very much "there"
when it comes to compartmentalizing risk. Any system that has things
like: user permissions, ability to chroot, the ability to run the same
binary in multiple instances, etc. can easily be compartmentalized.

A really good example of this is something that I saw the other day that
I thought was really cool. Someone had a system with the user
directories chrooted, and each user had a local copy of sshd running on
a different port. When he ssh'd in to a particular port, he would be in
a chrooted environment with an entire distribution under his home
directory. He used it as a build environment so that he could build
against new libraries, etc. and not contaminate the rest of his system.

Things like this can be applied to security as well. You can chroot ftp
users, you can make certain areas of a system read-only, you can
make standard apps (like make) executable only by root. You can even
make root an ordinary user and make some other account UID 0. There are
all sorts of ways to compartmentalize risk, but like the rest of
security (and life itself), it all depends on how much time you want to
spend to do it.

Kenny
--
Kenny Lussier
Systems Administrator
Mission Critical Linux
***********************************************************
Life is a lesson, you learn it at the end
Reality has become increasingly less accurate
***********************************************************