Linux Today: Linux News On Internet Time.


Can SELINUX Impose a Better Confidentiality Over Encryption?

Dec 12, 2008, 14:04 (0 Talkback[s])

"The current topic of debate on the Debian-security mailing list is about how to shield data which comes from an encrypted file. SE Linux can protect the reading of the data from an encrypted file that one reads from /dev/mem (for all memory of the machine) or /proc//mem (for the memory of the process). But the logic behind it is not as uncomplicated as one may assume. There are certain domains with the ultimate privileges in most SELinux configurations. To mention a few, there is unconfined_t for a default configuration and sysadm_t for a "strict" configuration. The USP of SE Linux is that it doesn't mandate a domain with ultimate privileges. If a majority of Linux users have an unconfined_t configuration and the rest have a "strict" configuration, the domain that can access /dev/mem will always be there. The "strict" configuration can put SE Linux in permissive mode and can access /dev/mem. Though it is uncertain if it really works like this! But something close."
