Bill McGonigle wrote:
> On 07/23/2009 06:17 PM, Matthew Woehlke wrote:
>> I have to ask... when are we going to see Linux allow network access
>> based on the checksum of the process that wants to use it? After all,
>> 'doze has had this ability for years. (Maybe SELinux can provide this
>> already?)
>
> Is this a checksum of the binary that got launched? Make sure prelink
> can update whatever database of checksums is being kept. And that
> prelink isn't exploitable. :)

True. For us, something based on SELinux contexts, which should be
dropped by the kernel on any modification (and allowed to be set by
trusted components, say prelink and yum/rpm) is probably as good or
better than using checksums. (Which still requires prelink to be secure,
but then that's already required, as rogue prelink could be wreaking
who-knows-what havoc...)

> This can't be a default on MSW, right? My spam filter's pain would seem
> to deny that possibility.

It's not built into MSW if that's what you mean. It's from Tiny, which I
used before switching totally to Fedora. By "has this ability" I mean
that FW's for MSW exist which have this feature. (Also, Tiny is *not* a
firewall for people that don't know what they are doing; using Tiny is,
I would say, on par with 'vi /etc/sysconfig/iptables' in terms of
user-friendliness. Powerful, really not bad when you know what you are
doing, but absolutely not for 'Joe Sixpack'.)
--
Matthew
Please do not quote my e-mail address unobfuscated in message bodies.
--
"unsubscribe me plz!!" -- Newbies
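
The checksum-database problem discussed in this message, as an added example that is not part of the original e-mail and not code from Fedora, prelink, SELinux or Tiny. `ChecksumPolicy`, the updater names passed as plain strings, and the sample file are assumptions made for illustration; a real policy would identify the updater by something the kernel enforces, such as an SELinux context.

```python
import hashlib
import os
import tempfile

def sha256_file(path):
    """Digest of the on-disk binary, read in chunks."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()

class ChecksumPolicy:
    """Hypothetical per-binary network policy keyed on the file digest."""
    def __init__(self, trusted_updaters):
        self.trusted_updaters = frozenset(trusted_updaters)
        self.db = {}  # path -> digest recorded by a trusted component

    def record(self, path, updater):
        # Only trusted components (rpm and prelink in the thread) may refresh the database.
        if updater not in self.trusted_updaters:
            raise PermissionError(f"{updater} may not update checksums")
        self.db[path] = sha256_file(path)

    def allows(self, path):
        # Unknown binaries and binaries changed since recording are both denied.
        expected = self.db.get(path)
        return expected is not None and expected == sha256_file(path)

def demo():
    results = {}
    with tempfile.TemporaryDirectory() as d:
        binary = os.path.join(d, "app")
        with open(binary, "wb") as f:
            f.write(b"\x7fELF constructed sample, not a real executable")
        policy = ChecksumPolicy({"rpm", "prelink"})
        policy.record(binary, "rpm")
        results["installed"] = policy.allows(binary)
        with open(binary, "ab") as f:  # stand-in for prelink rewriting the file
            f.write(b" prelinked")
        results["after_rewrite"] = policy.allows(binary)
        try:
            policy.record(binary, "editor")  # untrusted process tries to re-bless it
            results["untrusted_update"] = True
        except PermissionError:
            results["untrusted_update"] = False
        policy.record(binary, "prelink")
        results["after_trusted_update"] = policy.allows(binary)
    return results
```

Calling `demo()` shows the binary losing network access as soon as its bytes change and regaining it only after a trusted component re-records the digest, which is why the updater itself has to be secure.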