“In the Slovak language, “medusa” means “jellyfish”. Like
jellyfish, Medusa can sting an enemy with its tentacles. In Greek
mythology, Medusa was one of three Gorgons’ sisters. Anybody who
got a glimpse of her face became petrified. Medusa is a security
system which can extend the overall security of your Linux system.
Medusa consists of two parts. The first is a set of small patches
to the Linux kernel, and the second is a user-space security daemon
(authorization server) called Constable. “
“You may ask, “Why do I need a security system such as
Medusa?” The answer depends on many factors. If you have a machine
at home, you’ll probably not need it. If you have a well-known and
frequently used Internet server, you may have use for it. Why?
Because the UNIX security scheme seems to be insufficient nowadays.
Yes, it’s really simple (like the whole UNIX principle), but it has
many limitations. Just to mention two of them: you have no system
rights at all as an ordinary user, and all rights to the whole
system as root. So, when somebody breaks in using any network
daemon, he can do anything he likes inside, e.g., graphics
subsystem or low-level disk operations.”
“The basic idea behind Medusa is really simple. Before
execution of certain operations, the kernel asks the authorization
server (Constable) for confirmation. The authorization server then
permits, forbids or changes the operation. The authorization
server and kernel talk to each other through the special device:
/dev/medusa. In this way, an administrator can create his own
security model, which can complete or override the original UNIX
model. I have told you the principle is simple; however, the
actual implementation is a bit complicated.”
Web Webster has more than 20 years of writing and editorial experience in the tech sector. He’s written and edited news, demand generation, user-focused, and thought leadership content for business software solutions, consumer tech, and Linux Today, he edits and writes for a portfolio of tech industry news and analysis websites including webopedia.com, and DatabaseJournal.com.
LinuxToday is a trusted, contributor-driven news resource supporting all types of Linux users. Our thriving international community engages with us through social media and frequent content contributions aimed at solving problems ranging from personal computing to enterprise-level IT operations. LinuxToday serves as a home for a community that struggles to find comparable information elsewhere on the web.
Property of TechnologyAdvice. © 2025 TechnologyAdvice. All Rights Reserved
Advertiser Disclosure: Some of the products that appear on this site are from companies from which TechnologyAdvice receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. TechnologyAdvice does not include all companies or all types of products available in the marketplace.