
Re: How best get rid of SELinux?



Rahul Sundaram wrote:
Mike McCarty wrote:
Bruno Wolff III wrote:
On Fri, Sep 21, 2007 at 05:44:20 -0600,
  Karl Larsen <k5di zianet com> wrote:

This whole thing reads to me that SELinux is the Linux version of Norton or Avguard to Windows. It will capture and keep the offending file from doing its worst.


SELinux does not work like an anti virus program.

It works very much like FluShot+ for MSDOS did.

An antivirus program of any sort has pretty much nothing in common with Mandatory Access Control. I am not sure what sort of relationship you see in between them.

FluShot+ hooked the INT 21 vector[*], and watched for certain
kinds of accesses. When it detected certain accesses, it
looked for permissions associated with the given application.
If an application attempted an access to a file, and the
file had certain "attributes" (like .EXE, .BAT, .COM extension,
for example) and the application was not registered for
that class of action, then the access was denied.

Open with write to a file which was considered executable
by anything other than registered apps was denied. One
registered his linkers. Also, attempts to use the direct
access calls in the kernel or BIOS resulted in denial,
like an attempt to write directly to disc. This is by
no means a comprehensive list; I'm simply trying to show
the analogy.

There were quite a few rules which could be set up. The system
as shipped was rather restrictive, and as one encountered
problems, one added more relaxations/exemptions to the rules until
such time as one could use one's system more-or-less
normally without constantly being warned and/or asked
whether to override a rule when a denial was in progress.

[*] Used for all system calls, like open() etc. I don't
know how familiar you may be with MSDOS usage. If you are
already aware, then just ignore this.

Mike
--
p="p=%c%s%c;main(){printf(p,34,p,34);}";main(){printf(p,34,p,34);}
Oppose globalization and One World Governments like the UN.
This message made from 100% recycled bits.
You have found the bank of Larn.
I can explain it for you, but I can't understand it for you.
I speak only for myself, and I am unanimous in that!
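
An added illustration, not part of the original message and not FluShot+'s actual code: a small Python model of the rule check the message describes, where an intercepted call is mapped to an action class and denied unless the calling application is registered for that class. The class and application names are hypothetical, and the override prompt is simplified to deny-and-log.

```python
# Toy model of the access mediation described in the message above.
# Monitor, the action-class names and the sample programs are hypothetical.
from dataclasses import dataclass, field
from pathlib import PureWindowsPath

EXEC_EXTS = {".exe", ".bat", ".com"}  # the "attributes" the message names


@dataclass
class Monitor:
    registered: dict = field(default_factory=dict)  # app -> allowed action classes
    denials: list = field(default_factory=list)     # log used to decide on exemptions

    def register(self, app, action_class):
        """Add a relaxation/exemption for one application."""
        self.registered.setdefault(app.lower(), set()).add(action_class)

    def classify(self, op, target):
        """Map an intercepted call to an action class, or None if unrestricted."""
        if op == "raw_disk_write":  # direct kernel/BIOS disk access
            return "raw_disk_write"
        ext = PureWindowsPath(target).suffix.lower()
        if op == "open_write" and ext in EXEC_EXTS:
            return "write_executable"
        return None

    def check(self, app, op, target=""):
        """Return True to let the call through; otherwise log it and deny."""
        action = self.classify(op, target)
        if action is None or action in self.registered.get(app.lower(), set()):
            return True
        self.denials.append((app, op, target))
        return False


def demo():
    """Constructed sample calls: restrictive defaults, then one exemption."""
    m = Monitor()
    results = [
        m.check("EDITOR.EXE", "open_write", r"C:\DOCS\NOTES.TXT"),  # plain data file
        m.check("EDITOR.EXE", "open_write", r"C:\DOS\FORMAT.COM"),  # executable target
        m.check("LINK.EXE", "open_write", r"C:\SRC\HELLO.EXE"),     # linker, unregistered
    ]
    m.register("LINK.EXE", "write_executable")  # "One registered his linkers."
    results.append(m.check("LINK.EXE", "open_write", r"C:\SRC\HELLO.EXE"))
    results.append(m.check("LINK.EXE", "raw_disk_write"))  # exemption is per class
    return results, m.denials


if __name__ == "__main__":
    print(demo())
```

The decision depends only on who is asking and what class of object is being touched, never on what the file contains, which is the distinction from an antivirus scanner drawn earlier in the thread.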

