Trusted Solaris vs SE LinuxTrusted Solaris vs SE Linux
Karl MacMillan writes an interesting review of a Sun article about SE Linux. Not only does he correct errors in the Sun article but he also summarises some of the[...]
Category: Security
questions regarding SE Linuxquestions regarding SE Linux
I just received a question about SE Linux via email. As I don’t want to post private messages containing material that’s globally useful I’ll answer through my blog: > other[...]
Debian and Google Summer (Winter) Of CodeDebian and Google Summer (Winter) Of Code
Debian is participating in the Google Summer Of Code (or Winter if you are in the southern hemisphere). It would be good if we could get a SE Linux related[...]
SE Linux on /.SE Linux on /.
The book SE Linux by Example has been reviewed on Slashdot. The issue of Perl scripts was raised for discussion. It is of course true that a domain which is[...]
creating a new SE Linux policy modulecreating a new SE Linux policy module
Creating a simple SE Linux policy module is not difficult. audit(1173571340.836:12855): avc: denied { execute } for pid=5678 comm=”spf-policy.pl” name=”hostname” dev=hda ino=1234 scontext=root:system_r:postfix_master_t:s0 tcontext=system_u:object_r:hostname_exec_t:s0 tclass=file For example I had a[...]
execmodexecmod
Ulrich Drepper has written a good web page about text relocation which is most often noticed as execmod failures reported when running SE Linux. When an AVC message reports a[...]
classic security mistakeclassic security mistake
One of the most obvious (and yet most common) computer security mistakes is to take input from an untrusted (and potentially hostile) source. A classic example of this is in[...]
ps and securityps and security
A post by Scott James Remnant describes how to hide command-line options from PS output. It’s handy to know that but that post made one significant implication that I strongly[...]
core filescore files
The issue of core file management has come up for discussion again in the SE Linux list. I believe that there are two essential security requirements for managing core files,[...]
more about vista securitymore about vista security
While reading the discussion of Vista security on Bruce Schneier’s blog it occurred to me that comparing the issues of DRM that face MS with the issues faced by SE[...]