LXer: Tips for Taming SELinux
 

Published at LXer:

But in these modern times it's not necessary to gain root privileges to commit nefarious deeds, yet the primary purpose of most security schemes is still to protect root. Users are considered dispensable, like the red-shirted crewmen on the original Star Trek series. As soon as a guy in a red shirt appeared, you knew he was going to be toast before the second commercial break. Think about it—what's the most important stuff on your computer? The system files? You can easily replace those. An attacker might still want to acquire root privileges so they can replace key system binaries to try to cover their tracks. But the system files themselves are not valuable. The valuable stuff sits in your home and other data directories. If you're storing sensitive data of any kind, such as databases full of customer data, that's what an attacker wants.

Read More...