Progress on the Road to World Domination

Posted Jul 19, 2002 12:50 UTC (Fri) by davecb (subscriber, #1574)
Parent article: The road to World Domination

[Part 1 of three, the comment window hates me]

Security

While crackers may now be targeting Apache as well as IIS, we're still developing better protections against them, here in the Unix world.

Most commercial Unix vendors already have military-grade versions of their operating systems, and both BSD and Linux have experimental variants with MAC (mandatory access control).

With MAC, breaking into Apache or even root won't give access to users in other "compartments" or "security levels".

I've lived under MAC on Multics, and didn't even know it was turned on. On Unix it's a bit more visible, especially to the sysadmin, who now has a set of security admin functions to carry out, but it's not onerous. The added value is proportional to the added work. To the user, it only means an occasional message window warning that they can't copy from a directory labelled <dad's work stuff, pretty darned secret> to <the web server, not secret at all>.

The result is like a BSD jail on steroids, or firewalls between users or groups. While someone may break into the compartment for public information, they don't get to the one where I keep my baby pictures, so they can't mortify me by publishing what my mother considered "cute little David".

This, therefore, is a trusted system for the safety of the system's owner, not the strange modern usage of a trusted system which prevents the owner access to his own property! [Interoperability and Proprietary software support in a sec]



Copyright © 2012, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds