Alle 13:55, sabato 6 marzo 2004, Lamar Owen ha scritto:
> On Friday 05 March 2004 03:34 pm, scott.marlowe wrote:
> > Sorry, but that's the wrong answer. Once someone has root on a unix box
> > her can do ANYTHING he wants. and he can cover his tracks.
>
> This is what things like the capabilities system and SELinux are designed
> to prevent in the Linux world. As Fedora Core 2 will ship with SELinux
> installed and enabled, it will become much more difficult for someone to
> randomly get root and do damage. It is quite simple with SELinux to
> prevent any of the attacks you mentioned. Root is no longer root. Things
> on an SELinux system, or a system fully implementing the kernel
> capabilities model, can indeed be locked away from root, at least in
> network attached multiuser mode. This does, of course, make maintenance of
> the data more difficult; one must be at the console in a special mode to do
> full maintenance. But someone remotely cracking root no longer is the
> threat they once were, when some system like SELinux is in use.
A better, more structured architecture of permissions on Unix is a
long-standing need. It looks like SELinux is offering a new and interesting
approach to this problem.
Regarding this topic I have a dream: the hyerarchical permission architecture
of OS/400 (and many other IBM OSs for mainframe) ported to Linux. Just imagine
this: you have a omnipotent "root" who can access the machine from the
console only, a whole set of powerful, configurable administrators who can
act from the net, each of them devoted to administer a specific part of the
OS or of the File System, and finally a crowd of simple users, with
configurable permissions. Nobody would have more power of what it actually
need for his job, not even the root.
Would not it be a better (safer and more manageable) world to live on?
-----------------------------------------
Alessandro Bottoni and Silvana Di Martino
alessandrobottoni@interfree.it
silvanadimartino@tin.it
