Securely Killing ProcessesSecurely Killing Processes
Joey Hess wrote on Debian-devel about the problem of init scripts not doing adequate checks before using the data from a PID file under /var/run to determine which process to[...]
Category: Security
Can SE Linux Implement Traditional Unix Users and Groups?Can SE Linux Implement Traditional Unix Users and Groups?
I was asked by email whether SE Linux could implement traditional Unix users and groups. The Strictly Literal Answer to that Question The core of the SE Linux access control[...]
Logging in as RootLogging in as Root
Martin Meredith wrote a blog post about logging in as root and the people who so strongly advocate against it [1]. The question is whether you should ssh directly to[...]
UBAC and SE Linux in DebianUBAC and SE Linux in Debian
A recent development in SE Linux policy is the concept of UBAC (User Based Access Control) which prevents SE Linux users (identitied) from accessing each other’s files. SE Linux user[...]
Google Chrome and SE LinuxGoogle Chrome and SE Linux
[107108.433300] chrome[12262]: segfault at bbadbeef ip 0000000000fbea18 sp 00007fffcf348100 error 6 in chrome[400000+27ad000] When I first tried running the Google Chrome web browser [1] on SE Linux it recursively displayed[...]
systemd – a Replacement for init etcsystemd – a Replacement for init etc
The systemd projecct is an interesting concept for replacing init and related code [1]. There have been a few attempts to replace the old init system, upstart is getting some[...]
Upgrading a SE Linux system to Debian/Testing (Squeeze)Upgrading a SE Linux system to Debian/Testing (Squeeze)
Upgrade Requirements Debian/Squeeze (the next release of Debian) will be released some time later this year. Many people are already upgrading test servers, and development systems and workstations that are[...]
The YubikeyThe Yubikey
Some time ago Yubico were kind enough to send me an evaluation copy of their Yubikey device. I’ve finally got around to reviewing it and making deployment plans for buying[...]
Types of Security TokensTypes of Security Tokens
The Security Token Wikipedia page doesn’t seem to clearly describe the types of token. Categories of Security Token It seems to me that the following categories encompass all security tokens:[...]
Designing a Secure Linux SystemDesigning a Secure Linux System
The Threat Bruce Schneier’s blog post about the Mariposa Botnet has an interesting discussion in the comments about how to make a secure system [1]. Note that the threat is[...]