From: "Bruno Wolff III" <bruno@xxxxxxxx>
Sent: Saturday, 2010/April/17 06:23
> On Fri, Apr 16, 2010 at 20:29:25 -0700,
> Craig White <craigwhite@xxxxxxxxxxx> wrote:
>>
>> Clearly no OS is safe from exploit. The most effective security method
>> employed on Linux is simply not to run as superuser where most Windows
>> and Macintosh users are running as superuser and the software leaves it
>> to the user to figure out how to run with less privileges (very possible
>> but not the typical usage).
>
> I disagree. This can help with restoring a system, but is more useful
> for protecting users from each other than users from malware. User
> accounts have all of the power needed to replicate malware. User accounts
> have valuable data (may be private or hard to recreate), where as data
> owned by root typically isn't. There have historically been a lot of local
> root exploits on linux systems that allow malware to elevate its
> privilieges.
>
> I think selinux is going to of more use in this area than standard unix
> file system privileges and having a separate root account. It won't solve
> all of the problems, but it can help protect users from processes running
> as themselves.
Heh, you get it. SELinux is a anti-malware software.
{^_-}
--
users mailing list
users@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
