Todd Walton wrote:
The Future of SELinux http://securityblog.org/brindle/2006/08/24/the-future-of-selinux-or-how-we-are-going-to-take-over-the-world/
I agree with this 100%. We do need to get rid of the root user. RedHat shouldn't even configure a root password. It should instead configure a regular user password and give that user sudo. All of the new servers I have deployed at my shop have SE Linux running in targeted policy. Once I get some more things under control I am going to work on switching them to a strict policy. SE Linux is the technology we need to embrace if we really want to avoid becoming a serious target for viruses and trojans like MS Windows. SE Linux can even protect users from themselves to some degree by wrapping the browser and email programs in a policy which even prevent damage when a user executes an attachment from his email program. Attachments saved out from email can be marked with a certain type and have a restricted security policy since we know they came from an untrusted source. There is lots of potential for good here. A while back Michael Robertson said everything should run as root and that if even if a user runs everything as his own UID and gets exploited he can still lose everything in his homedir which is all that matters to him. SE Linux can negate that argument as well.
-- Tracy R Reed http://ultraviolet.org A: Because we read from top to bottom, left to right Q: Why should I start my reply below the quoted text -- [email protected] http://www.kernel-panic.org/cgi-bin/mailman/listinfo/kplug-list
