namei can be used to trace the endpoint of a cascaded symbolic link
Eg.,
$ namei /dev/cdrw
f: /dev/cdrw
d /
d dev
l cdrw -> scd0
b scd0
$
18 January 2010
SELinux....
Most of the Linux admins especially working on RedHat used to disable this option during installation ofcourse includes me as well....But later i realised the feature it offers.
Today much attention has been paid to network security,data security and computing security using various products available in the market but none of us are realizing the local exploit(Malware/Malicious) is a big one than the rest of the things.
SELinux takes care of control this local exploit....in other words its a kind of access control mechanism.
Is that is the only reason we need this....or do we have a flaw in the existing access control system.
Inherent flaw in the traditional permissions model is DISCRETION.I.e.,Owner of a particular file can change the permissions at his own will which might result in security breach.
By contrast,SELinux implements Mandatory Access Control(MAC) where access control decisions are not at the discretion of individual users or even system administrators.
Subscribe to:
Posts (Atom)