With Fedora Core 2, Red Hat catches up with Debian and Gentoo by shipping SELinux (Security-Enhanced Linux). On a traditional Linux system, permissions and access control to files and processes are controlled completely by users. root is all powerful, and programs inherit a user's rights, meaning that when a program is compromised, that user is also compromised. In cases of a program run as root, that means the attacker has access to the whole system.

In the new SELinux method, access is provided by a security policy set by the administrator and enforced by the system. There is no "all powerful root user". How Red Hat will be configuring (and causing to be configurable) the SELinux system, however, is currently unknown. I had hoped that this test release would include all their SELinux additions, but it did not.

By Dave Whitinger at LXer.

[ Read more ]

Related items

• Review: Essential System Administration Pocket Reference (5 January 2004)
• Review: HackNotes Linux and Unix Security Portable Reference (24 October 2003)
• Review: Linux Security Cookbook (29 September 2003)
• Review: Linux Server Hacks (10 September 2003)
• Review: Linux+ Certification Bible (3 September 2003)
• Review: Hacking Exposed Linux 2/e (8 May 2003)
• Review: Linux Administration Handbook (30 April 2003)
• Review: Linux System Security: The Administrator's Guide to Open Source Security Tools, 2/e (14 March 2003)
• Review: Real World Linux Security, 2/e (22 November 2002)
• Review: Linux System Administration - A User's Guide (18 August 2002)