Secure Linux Primer (FreedomHEC 2008)

1,183 views

Published on

Published in: News & Politics
0 Comments
0 Likes
Statistics
Notes
  • Be the first to comment

  • Be the first to like this

No Downloads
Views
Total views
1,183
On SlideShare
0
From Embeds
0
Number of Embeds
322
Actions
Shares
0
Downloads
4
Comments
0
Likes
0
Embeds 0
No embeds

No notes for slide























































































































































  • Secure Linux Primer (FreedomHEC 2008)

    1. 1. % whoami
    2. 2. % whoami
    3. 3. % whoami
    4. 4. % whoami
    5. 5. % whoami
    6. 6. % whatis
    7. 7. % whatis
    8. 8. % whatis
    9. 9. % whatis
    10. 10. % about
    11. 11. % about
    12. 12. % about
    13. 13. % about
    14. 14. ReadMe
    15. 15. ReadMe
    16. 16. ReadMe
    17. 17. ReadMe
    18. 18. ReadMe
    19. 19. Now let’s review and see what happened
    20. 20. is better than
    21. 21. is better than
    22. 22. but was insufficient
    23. 23. but was insufficient
    24. 24. but was insufficient
    25. 25. DAC The owner can set the access attributes for his/her resource. This is called DAC (Discretionary Access Control). This is DAC % chmod 600 my_diary
    26. 26. • DAC can be overridden
    27. 27. • DAC can be overridden • You should set DAC carefully, but should not over trust it
    28. 28. • DAC can be overridden • You should set DAC carefully, but should not over trust it • When is DAC broken?
    29. 29. root user root user is not affected by DAC. root user is the God (if your Linux is not “security enhanced” Linux)
    30. 30. setuid a process invoked by a program with “setuid root” attribute will be given root privilege
    31. 31. You might think
    32. 32. You might think • getting rid of root user and setuid mechanisms , but it does not work
    33. 33. You might think • getting rid of root user and setuid mechanisms , but it does not work • there are tasks for root
    34. 34. You might think • getting rid of root user and setuid mechanisms , but it does not work • there are tasks for root • you can change your password because passwd command is setuid root
    35. 35. You might think • getting rid of root user and setuid mechanisms , but it does not work • there are tasks for root • you can change your password because passwd command is setuid root • yes, we do need privileges
    36. 36. AI
    37. 37. AI
    38. 38. AI
    39. 39. rm -rf *
    40. 40. mount chroot
    41. 41. Concept, story, presentation design Toshiharu Harada (NTT DATA CORPORATION) Illustration Yumiko Tatsumoto (NTT DATA CORPORATION) and Akira Igarashi in association with Studio Padre Special thanks to of NTT DATA CORPORATION
    42. 42. FreedomHEC 2008 is such a nice conference. I’m very happy to be here and appreciated the heartfelt supports by Huang Chao Lung, Mei-Li Chen, other staff and the sponsors. Hope you keep working and see again soon Linux
    43. 43. This slides available at http://tomoyo.sourceforge.jp/taipei2008/

    ×