LinuxQuestions.org - Why for better security, All linux kernel should have fanotify enabled

- Linux - Security (https://www.linuxquestions.org/questions/linux-security-4/)

- - Why for better security, All linux kernel should have fanotify enabled (https://www.linuxquestions.org/questions/linux-security-4/why-for-better-security-all-linux-kernel-should-have-fanotify-enabled-4175622196/)

wzis	01-22-2018 09:16 PM

Why for better security, All linux kernel should have fanotify enabled

and a way to limit programs that can use fanotify should be implemented.
fanotify allows security software to truly block others' access to certain files. But that also will allow the hacker to use it to hide illegal change to critical files. That's why there should be some certification system to allow and deny program's access to it.

MensaWater

01-23-2018 02:27 PM

Quote:

Originally Posted by wzis (Post 5810084)

That's why there should be some certification system to allow and deny program's access to it.

You mean like SELinux?

:D

syg00

01-23-2018 03:50 PM

Hardly new news - when I looked at it (years ago) fanotify_init needed CAP_SYS_ADMIN. That would be root.

wzis	01-26-2018 05:26 PM

Both SELinux and just limit it to root are not good enough.
It needs something that only certain certified programs can use fanotify and even root can't easily change that.

All times are GMT -5. The time now is 05:56 PM.