Why for better security, All linux kernel should have fanotify enabled
and a way to limit programs that can use fanotify should be implemented.
fanotify allows security software to truly block others' access to certain files. But that also will allow the hacker to use it to hide illegal change to critical files. That's why there should be some certification system to allow and deny program's access to it. |
Quote:
:D |
Hardly new news - when I looked at it (years ago) fanotify_init needed CAP_SYS_ADMIN. That would be root.
|
Both SELinux and just limit it to root are not good enough.
It needs something that only certain certified programs can use fanotify and even root can't easily change that. |
All times are GMT -5. The time now is 05:56 PM. |