[ubuntu-us-ut] SELinux Support in 8.04
thenetduck at gmail.com
Wed Mar 19 18:52:30 GMT 2008
Tell me how to help bug and ill be all over it. I will have to run in in
VMware though. (100% ubuntu and don't wanna mess with my main machine)
The Net Duck
On Wed, 2008-03-19 at 12:11 -0600, Christer Edwards wrote:
> On Wed Mar 19, 2008 at 11:57:16AM -0600, BJ Cardon wrote:
> > Can you sell us SELinux for those of us unfamiliar with it?
> > BJ
> SELinux is secure. Apparmour (default) is not ;)
> basically SELinux babysits a targeted list of processes on your machine
> and makes sure they behave. It can be thought of as pre-emptive
> security for vulnerabilities that aren't even discovered yet.
> Apache gets a vulnerability and an attacker tries to force the process to
> serve content from /etc (probably a bad idea). SELinux refers to a
> security context list and smacks Apache upside the head for trying to
> read files it shouldn't. Apache is never able to server the private
> Apparmour, which is the default in Ubuntu & SUSE, tries to do something
> similar but its implementation is not as granular and easier to bypass.
> Plus, Apparmour was maintained by a small group at Novell.. and then
> Novell fired them, so it has a very small un-funded support base.
> SELinux is actively developed by Redhat, the NSA and a number of
> companies nationwide.
More information about the ubuntu-us-ut