Linux Today: Linux News On Internet Time.

Improve Security with Polyinstantiation

Mar 03, 2008, 08:30 (0 Talkback[s])
(Other stories by Robb R. Romans)

[ Thanks to LinucksGirl for this link. ]

"To improve security, it's often wise to use more than one method of protection (also called 'defense in depth'). That way, if one method is breached, another method remains operational and prevents further intrusion. This article describes a way to add another layer of depth to your security strategy: using PAM to polyinstantiate world-writeable shared directories. This means that a new instance of a directory, such as /tmp, is created for each user.

"Polyinstantiation of world-writeable directories prevents the following types of attacks..."

Complete Story

Related Stories: