[ubuntu-us-ut] SELinux Support in 8.04
Bob
thenetduck at gmail.com
Wed Mar 19 18:52:30 GMT 2008
I'm sold,
Tell me how to help bug and I'll be all over it. I will have to run it in
VMware though. (100% Ubuntu and don't wanna mess with my main machine)
The Net Duck
On Wed, 2008-03-19 at 12:11 -0600, Christer Edwards wrote:
> On Wed Mar 19, 2008 at 11:57:16AM -0600, BJ Cardon wrote:
> > Can you sell us SELinux for those of us unfamiliar with it?
> >
> > BJ
>
> SELinux is secure. AppArmor (default) is not ;)
>
> http://en.wikipedia.org/wiki/SELinux
> http://www.nsa.gov/selinux/
>
> Basically SELinux babysits a targeted list of processes on your machine
> and makes sure they behave. It can be thought of as pre-emptive
> security for vulnerabilities that aren't even discovered yet.
>
> Example:
> Apache gets a vulnerability and an attacker tries to force the process to
> serve content from /etc (probably a bad idea). SELinux refers to a
> security context list and smacks Apache upside the head for trying to
> read files it shouldn't. Apache is never able to serve the private
> content.
>
> AppArmor, which is the default in Ubuntu & SUSE, tries to do something
> similar but its implementation is not as granular and is easier to bypass.
> Plus, AppArmor was maintained by a small group at Novell.. and then
> Novell fired them, so it has a very small unfunded support base.
>
> SELinux is actively developed by Red Hat, the NSA and a number of
> companies nationwide.
>
> Christer
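
An added example, not part of the original thread: when SELinux blocks a confined process such as Apache from reading a file outside its policy, the kernel records an AVC denial in the audit log. The sketch below parses such records and counts denials per source domain and target type; the log lines are constructed samples, and the function names are hypothetical.

```python
import re
from collections import Counter

# Constructed audit.log lines in the AVC denial format (not taken from the thread).
SAMPLE_LOG = """\
type=AVC msg=audit(1205952750.101:411): avc:  denied  { read } for  pid=2345 comm="apache2" name="shadow" dev=sda1 ino=12345 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:shadow_t:s0 tclass=file
type=AVC msg=audit(1205952751.220:412): avc:  denied  { getattr } for  pid=2345 comm="apache2" path="/etc/ssh/ssh_host_rsa_key" dev=sda1 ino=12400 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:sshd_key_t:s0 tclass=file
type=SYSCALL msg=audit(1205952751.220:412): arch=40000003 syscall=195 success=no exit=-13 comm="apache2"
type=AVC msg=audit(1205952760.002:420): avc:  denied  { name_bind } for  pid=3001 comm="named" src=8053 scontext=system_u:system_r:named_t:s0 tcontext=system_u:object_r:port_t:s0 tclass=udp_socket
"""

# Matches one AVC denial: permission set, command name, source/target contexts, object class.
AVC_RE = re.compile(
    r'avc:\s+denied\s+\{ (?P<perms>[^}]+) \}.*?'
    r'comm="(?P<comm>[^"]+)".*?'
    r'scontext=(?P<scontext>\S+)\s+tcontext=(?P<tcontext>\S+)\s+tclass=(?P<tclass>\S+)')

def parse_avc(line):
    """Return the fields of an AVC denial, or None for any other audit record."""
    m = AVC_RE.search(line)
    if not m:
        return None
    d = m.groupdict()
    return {
        "comm": d["comm"],
        "perms": d["perms"].split(),
        # A context is user:role:type:level; the type is what policy rules refer to.
        "source_type": d["scontext"].split(":")[2],
        "target_type": d["tcontext"].split(":")[2],
        "tclass": d["tclass"],
    }

def summarize(log_text):
    """Count denials keyed by (source type, target type, class, permission)."""
    counts = Counter()
    for line in log_text.splitlines():
        rec = parse_avc(line)
        if rec:
            for perm in rec["perms"]:
                counts[(rec["source_type"], rec["target_type"], rec["tclass"], perm)] += 1
    return counts

if __name__ == "__main__":
    for (src, tgt, cls, perm), n in sorted(summarize(SAMPLE_LOG).items()):
        print(f"{n}x {src} denied {perm} on {tgt}:{cls}")
```
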