Mandatory Access Control with SELinux

SECURITY HARDENED

Article from Issue 69/2006

SELinux provides a comprehensive Mandatory Access Control system for Linux, if you are ready for all the details.

SELinux is a security-enhanced adaptation of the Linux kernel developed under the auspices of the US National Security Agency (NSA). According to the NSA, SELinux works by enforcing “access control policies that confine user programs and system servers to the minimum amount of privilege they need to do their job.”

The security of an ordinary Linux system is based on a concept known as Discretionary Access Control (DAC). In a DAC system, a user is granted access to a resource (such as a file or directory) based on the user’s credentials, and users have the discretion to modify permissions for any resources they happen to control. This design gives attackers a means for gaining entry to a system. If root launches the Adobe Reader to access a PDF from an untrusted source, an attacker could exploit a vulnerability to start a root shell, even though root shells have nothing to do with what Adobe Reader is supposed to be doing.
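The difference between the two models can be shown with a small access-decision sketch. This is an added example, not code from the article or from SELinux itself; it is a simplified model, and the domain and type names (`pdf_reader_t`, `shell_exec_t`, and so on) and the allow rules are constructed for illustration.

```python
# Simplified model: DAC decides on user identity and mode bits, MAC (type
# enforcement) on the domain of the running program. Labels are constructed.
from dataclasses import dataclass

@dataclass(frozen=True)
class Process:
    uid: int
    domain: str   # hypothetical MAC label of the running program

@dataclass(frozen=True)
class File:
    owner: int
    mode: int     # classic permission bits, e.g. 0o755
    ftype: str    # hypothetical MAC label of the file

PERM_BITS = {"read": 4, "write": 2, "execute": 1}

def dac_allows(proc, f, perm):
    """Discretionary check: root bypasses, others use owner/other bits."""
    if proc.uid == 0:
        # root may read/write anything; execute needs at least one x bit
        return perm != "execute" or bool(f.mode & 0o111)
    shift = 6 if proc.uid == f.owner else 0   # group bits omitted for brevity
    return bool((f.mode >> shift) & PERM_BITS[perm])

# Constructed allow rules (source domain, target type, permission).
# Anything not listed is denied, whatever the uid of the process.
ALLOW = {
    ("pdf_reader_t", "user_doc_t", "read"),
    ("admin_shell_t", "shell_exec_t", "execute"),
}

def mac_allows(proc, f, perm):
    return (proc.domain, f.ftype, perm) in ALLOW

def access(proc, f, perm, mac_enforcing):
    """DAC is checked first; MAC can only restrict further."""
    if not dac_allows(proc, f, perm):
        return False
    return mac_allows(proc, f, perm) if mac_enforcing else True

def owner_chmod(proc, f, new_mode):
    """The 'discretion' in DAC: the owner (or root) may change the mode."""
    if proc.uid not in (0, f.owner):
        raise PermissionError("only the owner or root may change the mode")
    return File(f.owner, new_mode, f.ftype)

# Constructed scenario from the text: root opens an untrusted PDF.
reader_as_root = Process(uid=0, domain="pdf_reader_t")
shell = File(owner=0, mode=0o755, ftype="shell_exec_t")
pdf = File(owner=1000, mode=0o600, ftype="user_doc_t")
```

With only DAC, `access(reader_as_root, shell, "execute", False)` succeeds because the process runs as root; with the mandatory policy enforced, the same request is denied because the reader's domain has no rule for executing a shell.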
