FC4 kernel performance

Paul A Houle ph18 at cornell.edu
Wed Jun 22 12:53:10 UTC 2005


Matthew Miller wrote:

>These people *do* need the security features. You want Linux to end up like
>Windows, with a virus/spyware infection the *norm*?

    It's not so clear that SELinux helps much against real attacks. It
would take a much tougher security model than the Unix model or even the
SELinux model to stop the virus and zombie infections that we're seeing
in the Windows world. Things like NX that prevent or complicate buffer
overflow attacks may be more useful.

    If, for instance, I can find a way to execute arbitrary code in
Firefox or Thunderbird, I can install something on your computer that
runs as you. It can perpetuate itself by putting itself in your
.profile or in a cron job. It can make socket connections to anywhere,
and accept socket connections, so long as the port number is >1024.
This process can send spam, do network scanning, try to infect other
machines, install a keystroke logger, let me look through your
personal files (and other people's files if the permissions are
permissive), and do plenty of other things.

    Root access would be nice -- that would let me run a packet
sniffer, install a root kit, and generally make it a lot harder to
clean up the mess, but modern crackers (who are attacking networks,
not individual computers) don't need it.
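
A defender-side triage check for the point above that a process running as an ordinary user can accept connections without root, as an added example that is not part of the original post: it parses the Linux `/proc/net/tcp` table and lists listening TCP sockets owned by non-root UIDs on unprivileged ports (1024 and above). The sample table is constructed, the function names are hypothetical, and the decoder assumes IPv4 on a little-endian host.

```python
import socket

# Constructed sample in /proc/net/tcp layout (not captured from a real host).
SAMPLE = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 00000000:0016 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 11111 1 0 100 0 0 10 0
   1: 00000000:2382 00000000:0000 0A 00000000:00000000 00:00000000 00000000  1000        0 22222 1 0 100 0 0 10 0
   2: 0100007F:1F90 00000000:0000 0A 00000000:00000000 00:00000000 00000000  1000        0 33333 1 0 100 0 0 10 0
   3: 0A00000A:C350 0A0200C0:01BB 01 00000000:00000000 00:00000000 00000000  1000        0 44444 1 0 100 0 0 10 0
"""

LISTEN = "0A"             # TCP_LISTEN state code used in /proc/net/tcp
FIRST_UNPRIV_PORT = 1024  # binding below this needs privilege by default


def decode_addr(hexaddr):
    """Turn '0100007F:1F90' into ('127.0.0.1', 8080)."""
    ip_hex, port_hex = hexaddr.split(":")
    # Assumption: little-endian host, so the IPv4 bytes are stored reversed.
    ip = socket.inet_ntoa(bytes.fromhex(ip_hex)[::-1])
    return ip, int(port_hex, 16)


def user_listeners(table_text):
    """Return listening sockets owned by non-root UIDs on unprivileged ports."""
    findings = []
    for line in table_text.splitlines()[1:]:      # skip the header row
        f = line.split()
        if len(f) < 10 or f[3] != LISTEN:         # established etc. are ignored
            continue
        ip, port = decode_addr(f[1])
        uid = int(f[7])
        if uid != 0 and port >= FIRST_UNPRIV_PORT:
            findings.append({
                "uid": uid, "ip": ip, "port": port, "inode": int(f[9]),
                # Loopback-only listeners are not reachable from the network.
                "exposed": not ip.startswith("127."),
            })
    return findings


if __name__ == "__main__":
    try:
        with open("/proc/net/tcp") as fh:          # live table on Linux
            table = fh.read()
    except OSError:
        table = SAMPLE                             # fall back to the sample
    for item in user_listeners(table):
        print(item)
```

The result is a triage list, not a verdict: each inode can be matched to its owning process through the `socket:[inode]` links under `/proc/<pid>/fd` and compared against what that user is expected to run.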




