Mandatory Access Control with SELinux

SECURITY HARDENED

Author(s):

SELinux provides a comprehensive Mandatory Access Control system for Linux, if you are ready for all the details.

SELinux is a security-enhanced adaptation of the Linux kernel developed under the auspices of the US National Security Agency (NSA). According to the NSA, SELinux works by enforcing “access control policies that confine user programs and system servers to the minimum amount of privilege they need to do their job.” The security of an ordinary Linux system is based on a concept known as Discretionary Access Control (DAC). In a DAC system, a user is granted access to a resource (such as a file or directory) based on the user’s credentials, and users have the discretion to modify permissions for any resources they happen to control. This design gives attackers a means for gaining entry to a system. If root launches the Adobe Reader to access a PDF from an untrusted source, an attacker could exploit a vulnerability to start a root shell, even though root shells have nothing to do with what Adobe Reader is supposed to be doing.

Our Services

Read full article as PDF » Access_Control_with_SELinux.pdf (299.50 kB)
comments powered by Disqus

Visit Our Shop

Trial Subscription

Digital Subscription

Subscribe

Direct Download

Read full article as PDF » Access_Control_with_SELinux.pdf (299.50 kB)

Tag Cloud

Android Bruce Byfield Gnome KDE Linux Pro Magazine Open Source Projects Red Hat Ubuntu events foss free software google linux

News