Unix security: Difference between revisions

Services: Remove (unmarked as such) Linux-specific tutorial content.
SELinux: This is orthogonal to '''UNIX''' security, because it's Linux-specific, and also, one of multiple LSMs that might be used under Linux.
Line 48:
 
Root squash is a technique to avoid privilege escalation on the client machine via suid executables [[Setuid]]. Without root squash, an attacker can generate suid binaries on the server that are executed as root on other client, even if the client user does not have superuser privileges. Hence it protects client machines against other malicious clients. It does not protect clients against a malicious server (where root can generate suid binaries), nor does it protect the files of any user other than root (as malicious clients can impersonate any user).
 
==SELinux==
[[SELinux]] is the set of kernel extensions to control access more precisely, strictly defining both if and how files, folders, network ports and other resources can be accessed by the confined process. This system is mostly used to restrict processes (database, server) rather than human users. It can also limit processes that run as root. Other distributions use comparable alternatives like [[AppArmor]].
 
==Viruses and virus scanners==
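Review bot: Dropping the ==SELinux== section outright also drops its sentence that confinement "can also limit processes that run as root", which is a general access-control point and not tutorial content. The edit summary's own argument, that SELinux is one of multiple LSMs, supports keeping a short pointer to [[SELinux]] and [[AppArmor]] (for example under a see-also) if nothing else in the article covers mandatory access control. Separately, the unchanged root squash paragraph above has a dangling "[[Setuid]]" link after "suid executables", and "on other client" should read "on other clients"; both could be fixed in the same pass.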