On Wed, Apr 13, 2011 at 3:18 PM, McKown, John <[email protected]> wrote: > > Try running Linux with the SELinux enhancements fully implemented. That makes > Linux very difficult (to me) to break. SELinux implements MAC controls > instead of DAC controls. And it can even make it impossible for "root" to > modify some things without the proper SELinux authorities. One example is > that it can prevent execution of code on the "stack" or even in malloc'd > (GETMAINed) storage. The former is a common way for malware to get control > with buffer overflows. Oh, and it can also prevent the code from modifying > itself in memory as well. > > -- > John McKown
Writing the SE Linux was done with a National Security Agency (No Such Agency) (NSA) research grant. http://www.nsa.gov/research/selinux/ -- Mike A Schwab, Springfield IL USA Where do Forest Rangers go to get away from it all? ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [email protected] with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
