41 Comments
- naterpoke, on 07/20/2008, -2/+207 7 7 all the way
- paulmer2003, on 07/20/2008, -1/+10 Uh, in what environment is least privilege NOT a good idea?
- inactive, on 08/11/2008, -4/+11 Have fun sucking dick all your life, then.
- hugolp, on 07/20/2008, -0/+7 Democracy?
- inactive, on 07/20/2008, -1/+7 selinux is horrible for actual security ( not the role based portions ). it is a bad ripoff of Pax/grsec ( grsecurity.net ) and has been shown to be defeatable over and over again ( see spender's exploit: http://grsecurity.net/~spender/exploit.tgz ) that disables selinux on the fly ( b/c the selinux devs think it's a good idea to keep a bit in memory that controls whether protection is on or off ) then proceeds to exploit the kernel. selinux offers a blacklisting approach to userland pointer dereferences in the kernel and has no concept of kernel executing code in userland ( as is shown in spender's exploit ). you can also read this thread for more information: http://lists.immunitysec.com/pipermail/dailydave/2 ...
if you want real security you will patch your kernel with grsec and enable all the options it provides. if you want a half baked attempt by a group with a lot of pull in the linux community then install selinux.
- bluechild, on 07/20/2008, -0/+5 Thanks for your cliche contribution.
- inactive, on 07/20/2008, -1/+6 Thanks for the helpful tip. From now on I'm always posting to Digg with my computer turned off, physically disconnected from the network.
- hugolp, on 07/20/2008, -0/+3 So I guess you turned off your computer and we won't see you in Digg anymore?
- hugolp, on 07/20/2008, -0/+3 Wrong. Windows tries to use this principle, but (as usual) fails at implementation. Google about UAC and you will see it's a useless system.
- inactive, on 07/20/2008, -0/+3 "what information can be sent and received from networks"
grsec lets you decide based on group ids who can send or receive data on the network, it patches the network system call wrapper which duplexes based on the first argument ( see http://lxr.linux.no/linux/net/socket.c#L1996 to see the function I am talking about )
- CCmachined, on 07/20/2008, -0/+2 because running as admin all the time (ala XP) means any malware you may happen to install can wreck your system (and most importantly, the bugger can set itself to run again next boot)
Linux requires you to type an admin (root) password before doing any administrative task. this has the added bonus of preventing anyone you don't know who happens to gain access to your hardware from messing with important files etc. i find it more annoying to have to move the move from wherever it is to a button onscreen and then clicking grant (especially on my touchpad), than just pressing a load of keys that are always in the same place on my lap and enter.
- ha3er0, on 06/16/2009, -2/+4 They should make it default.
- specialK16, on 07/20/2008, -0/+1 omg spoiler alert! Harvey Dent is Two Face....
Stop sucking at life. Blocked and reported.
- inactive, on 07/20/2008, -0/+1 "how we are not showing them enough love"
you mean how when they show how selinux is sterile and ineffective and how the mainstream kernel devs don't report vulnerabilities they get ignored or laughed at by elitists at redhat that have no idea about security?
- ExRe, on 07/20/2008, -4/+5 This still isn't real security.
In order to install something you need to grant the installer permission, which (from what I've seen) grants them full permission for pretty much anything.
If someone were to stick a rootkit in a widely used package without the devs knowing about it, likely every single user would get the rootkit installed without knowing because it has full permission.
Real security = (application virtualization + not allowing any changes except those proven to be from the developers to the core + allowing to select what can and can not run at bootup and what information can be sent and received from networks) || no network connection && no floppy/cd/usb flash/external drives allowed.
- inactive, on 07/20/2008, -0/+1 what does "reroute kernel sync" mean/refer to?
- ExRe, on 07/21/2008, -0/+1 Practically impossible isn't safe.
Also, I meant injecting the item before it is packaged. Not very likely and very difficult, but it still IS a possibility. If somebody were to do it they could infect thousands or tens of thousands of computers instead of trying to crack one system at a time.
- ExRe, on 07/20/2008, -0/+1 Allowing only certain users to send/receive data could help security, but, like the issue with letting installers have full admin permission, an account with permission could still be used to send/receive the data.
- TehDoctor, on 07/21/2008, -0/+1 "If someone were to stick a rootkit in a widely used package without the devs knowing about it"
Ok, first of all... that's really unlikely. Practically impossible. But even if someone did, the checksum policies would immediately flag the modified package. Someone actually checked malicious code into the Linux kernel. Due to checksum tests, it didn't last long.
Secondly, yes the installer runs as root, but the packages it installs still run with user privileges, unless it's a system program/daemon, which average users don't usually install; and this is assuming that someone actually broke into the upstream repo machines, plus all the mirrors, plus somehow circumvented the checksum tests, all without anyone knowing.
- CCmachined, on 07/20/2008, -0/+1 move the cursor from wherever it is*
- rjt69, on 07/21/2008, -0/+1 How do you get labels without selinux?
- ha3er0, on 06/16/2009, -0/+1 ***** ***** ***** *****
- beingdevious, on 07/20/2008, -1/+2 i prefer 644
- ExRe, on 07/21/2008, -0/+1 Oh really?
I'd like to see some links.
The only thing I've read about how to bypass UAC is by installing something, then having it hijack shortcuts from something else (which would require that you accept a UAC prompt in the first place when installing it).
- DougVitale, on 07/21/2008, -0/+1 Here is a step-by-step guide to locking down Red Hat Linux: http://digg.com/linux_unix/How_To_Harden_and_Secur ...
- elipabst, on 07/21/2008, -0/+1 Can you name a single operating system in which that couldn't happen? I don't know of a single installer that runs unprivileged (how could it?). And even large corporations like Microsoft or Apple are not immune to a rogue employee. If you think large companies like that are immune to having someone sneak something as large as a rootkit into software, think again... Microsoft Excel 2000 had a ***** spyhunter game easter egg in it.
http://www.eeggs.com/images/items/107.full.jpg
- inactive, on 07/20/2008, -1/+1 grsec's only involvement in the community is continually engaging in immature bickering about how we are not showing them enough love and how everything else sucks balls, we should show more love dammit. Sorry but that attitude is a real turn off when dealing with system security. I want my sensitive data in the hands of trust, not in the hand of whiners demanding their piece of the cake out of pity.
- inactive, on 07/20/2008, -0/+0 I'm glad I saw it yesterday, Otherwise I would hack your computer up.
- armourer, on 07/20/2008, -1/+1 Wasn't something about gay marriage support just on digg? How old are you people?
- Kral, on 07/21/2008, -1/+1 selinux makes everything crashy and broken, ensuring no hacker would want to target your system. It's kinda the software equivalent of crapping yourself to ward off attackers.
- FizzanoMatrix, on 07/20/2008, -1/+1 The most any Linux user will have to do is reroute kernel sync for either the main or the redundant processes, but even then it's not necessary for an already lock-hard security environment.
- whisperneki, on 12/04/2008, -0/+0 Whoa maybe it's just me but I don't understand a word of that! :))
http://www.curemysweatypalms.com
- booyahbitch, on 07/20/2008, -6/+4 Dug for REAL security.
- yertthedigger, on 07/20/2008, -5/+2 Windows uses this principle too now with UAC, but people are just stupid and whine about it.
- sholdowa, on 07/20/2008, -3/+0 What does selinux do that the original macs, dacs and common sense don't??? Except for admins to learn more technologies = profit in training courses...
- enzomedici, on 07/20/2008, -5/+1
anyone where you want to get work done.
- cran, on 07/20/2008, -8/+3 The best way to secure any system is to simply turn it off.
- xpose, on 07/20/2008, -11/+3 this article is a snooze. go see batman already!
- Rascal373, on 07/20/2008, -28/+1 dugg because guys rules, girls drool


