Your SlideShare is downloading. ×
Secure Linux Primer (FreedomHEC 2008)
Upcoming SlideShare
Loading in...5
×

Thanks for flagging this SlideShare!

Oops! An error has occurred.

×
Saving this for later? Get the SlideShare app to save on your phone or tablet. Read anywhere, anytime – even offline.
Text the download link to your phone
Standard text messaging rates apply

Secure Linux Primer (FreedomHEC 2008)

875

Published on

Published in: News & Politics
0 Comments
0 Likes
Statistics
Notes
  • Be the first to comment

  • Be the first to like this

No Downloads
Views
Total Views
875
On Slideshare
0
From Embeds
0
Number of Embeds
2
Actions
Shares
0
Downloads
2
Comments
0
Likes
0
Embeds 0
No embeds

Report content
Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

Cancel
No notes for slide























































































































































  • Transcript

    • 1. % whoami
    • 2. % whoami
    • 3. % whoami
    • 4. % whoami
    • 5. % whoami
    • 6. % whatis
    • 7. % whatis
    • 8. % whatis
    • 9. % whatis
    • 10. % about
    • 11. % about
    • 12. % about
    • 13. % about
    • 14. ReadMe
    • 15. ReadMe
    • 16. ReadMe
    • 17. ReadMe
    • 18. ReadMe
    • 19. Now let’s review and see what happened
    • 20. is better than
    • 21. is better than
    • 22. but was insufficient
    • 23. but was insufficient
    • 24. but was insufficient
    • 25. DAC The owner can set the access attributes for his/her resource. This is called DAC (Discretionary Access Control). This is DAC % chmod 600 my_diary
    • 26. • DAC can be overridden
    • 27. • DAC can be overridden • You should set DAC carefully, but should not over trust it
    • 28. • DAC can be overridden • You should set DAC carefully, but should not over trust it • When is DAC broken?
    • 29. root user root user is not affected by DAC. root user is the God (if your Linux is not “security enhanced” Linux)
    • 30. setuid a process invoked by a program with “setuid root” attribute will be given root privilege
    • 31. You might think
    • 32. You might think • getting rid of root user and setuid mechanisms , but it does not work
    • 33. You might think • getting rid of root user and setuid mechanisms , but it does not work • there are tasks for root
    • 34. You might think • getting rid of root user and setuid mechanisms , but it does not work • there are tasks for root • you can change your password because passwd command is setuid root
    • 35. You might think • getting rid of root user and setuid mechanisms , but it does not work • there are tasks for root • you can change your password because passwd command is setuid root • yes, we do need privileges
    • 36. AI
    • 37. AI
    • 38. AI
    • 39. rm -rf *
    • 40. mount chroot
    • 41. Concept, story, presentation design Toshiharu Harada (NTT DATA CORPORATION) Illustration Yumiko Tatsumoto (NTT DATA CORPORATION) and Akira Igarashi in association with Studio Padre Special thanks to of NTT DATA CORPORATION
    • 42. FreedomHEC 2008 is such a nice conference. I’m very happy to be here and appreciated the heartfelt supports by Huang Chao Lung, Mei-Li Chen, other staff and the sponsors. Hope you keep working and see again soon Linux
    • 43. This slides available at http://tomoyo.sourceforge.jp/taipei2008/

    ×