Fedora 12, sikkerheden
5.2.1. Lower process capabilities
Daemons running as root have been reviewed and patched to run with lower process capabilities. This reduces the desirability of using these daemons for privilege escalation. Additionally, the shadow file permissions have been changed to 000 and several directories in $PATH have been set to 555 in order to prevent daemons without DAC_OVERRIDE from being able to access the shadow file or write to the $PATH directories.
When someone attacks a system, they normally can not do much unless they can escalate privileges. This feature reduces the number of attack targets that can be used to escalate privileges. If root processes do not have all capabilities, they will be harder to use to subvert the system.
Processes with the root uid can still damage a system, because they can write to nearly any file and of course read the /etc/shadow file. However, if the system is hardened so that root requires the DAC_OVERRIDE capability, then only a limited number of processes can damage the system. This will not affect any admin abilities because they always get full privileges which includes DAC_OVERRIDE. Therefore, even if someone does successfully attack a root process, it is now harder for them to take advantage of this attack.
A hardened system would have permissions like: 555 /bin, 555 /lib, 000 /etc/shadow and so on. The current scope is to cover the directories in $PATH variable, library dirs, /boot, and /root. This scheme does not affect SELinux in any way and complements it since capabilities are DAC controls and they have first vote on allowing an access.
Daemons running as root have been reviewed and patched to run with lower process capabilities. This reduces the desirability of using these daemons for privilege escalation. Additionally, the shadow file permissions have been changed to 000 and several directories in $PATH have been set to 555 in order to prevent daemons without DAC_OVERRIDE from being able to access the shadow file or write to the $PATH directories.
When someone attacks a system, they normally can not do much unless they can escalate privileges. This feature reduces the number of attack targets that can be used to escalate privileges. If root processes do not have all capabilities, they will be harder to use to subvert the system.
Processes with the root uid can still damage a system, because they can write to nearly any file and of course read the /etc/shadow file. However, if the system is hardened so that root requires the DAC_OVERRIDE capability, then only a limited number of processes can damage the system. This will not affect any admin abilities because they always get full privileges which includes DAC_OVERRIDE. Therefore, even if someone does successfully attack a root process, it is now harder for them to take advantage of this attack.
A hardened system would have permissions like: 555 /bin, 555 /lib, 000 /etc/shadow and so on. The current scope is to cover the directories in $PATH variable, library dirs, /boot, and /root. This scheme does not affect SELinux in any way and complements it since capabilities are DAC controls and they have first vote on allowing an access.
Kommentarer3
Re: Fedora 12, sikkerheden
Hvad er det i øvrigt du prøver at fortælle?
Re: Fedora 12, sikkerheden
Re: Fedora 12, sikkerheden
Grunden til at jeg startede denne tråd var at jeg lige ville tage et tabu frem i linux verden, nemlig it sikkerhed, (ok ok, ved godt at det er noget andet end med windåse) men hvis vi skal holde vores kæreste eje "linux" fri for vira, er det vigtigt at vi ikke undervurderer truslen. Artiklen nævner jo også at den ikke er helt usårlig,
altså det korte af det laaaaaaaaange.
Vi er ikke usårlige med linux.
Venlig hilsen
Dennis
HUSK AT TALE/SKRIVE PÆNT TIL ANDRE, SELVOM DU ER UENIG MED DEM.