Posted 03 April 2005 - 12:25 AM
This is one of the most powerful security features I know of. Limiting what resources an application has access to during run time is wildly successful at keeping out attackers. It's really one of the defining factors that makes Linux more secure than Windows.
This concept is more prevalent in OpenBSD, and it's the reason why OpenBSD is the most secure OS in the world (this is not open for discussion, it is fact... Windows 2003 is useless by default, if you actually want to do anything with it, it is less secure [period]). The NSA wrote SELinux which uses these same features. Fedora borrows a lot of code from SELinux.
There are two packages for Linux where you can implement security, I can't remember the names at this time.
This security model is wildly successful. However it has one downfall, it's difficult to implement. If you have a POSIX god that knows what he is doing you are SOL. Your main hope is a privilege escalation attack. In most cases you should have access to /tmp so you have a place to dump files. The problem is you might not have access to gcc, or like you said the ability to execute non-system apps. If someone is on the ball with their access rights they will do stuff like disallow /bin/bash...
If you have access to the /etc/passwd file you could try bruting the account names... I know it's lame but you really don't have many options.
Windows was never meant to be a multi-user workstation, thus there are some serious weaknesses: if you have some kind of access to the machine it's pretty easy to get full access. In POSIX for the most part you are SOL.
peace
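The confinement the post describes (a process that may write under /tmp but cannot exec /bin/bash or reach gcc) can be modelled as a default-deny policy. The block below is an added illustration in the style of SELinux allow rules; it is not the post's code and not SELinux's own implementation. The domain and type names (web_t, tmp_t, shell_exec_t, bin_t), the file labels and the rule set are constructed assumptions. Anything the policy does not explicitly allow is denied and written to an audit list in an AVC-like line, which is what a defender watches to spot a confined process probing for a way out.

```python
"""Tiny default-deny access-control evaluator modelled on SELinux allow-rule
syntax. Added illustration only; the policy, labels and names are constructed."""
import re
from collections import defaultdict

# Constructed policy for a hypothetical confined web domain:
# it may read/write/create files under tmp_t, read its config and load
# libraries, but no rule grants execute on shell_exec_t or bin_t.
POLICY_TEXT = """
allow web_t tmp_t:file { read write create };
allow web_t web_conf_t:file { read };
allow web_t lib_t:file { read execute };
"""

# allow <source_type> <target_type>:<class> { perm perm ... };
_RULE = re.compile(r"^allow\s+(\w+)\s+(\w+):(\w+)\s+\{\s*([\w\s]+?)\s*\};$")

# Constructed file-to-label mapping (stands in for filesystem labels).
LABELS = {
    "/tmp/upload.bin": "tmp_t",
    "/etc/web.conf": "web_conf_t",
    "/usr/lib/libz.so": "lib_t",
    "/bin/bash": "shell_exec_t",
    "/usr/bin/gcc": "bin_t",
}


def parse_policy(text):
    """Parse allow rules into {(source, target, class): set(perms)}."""
    rules = defaultdict(set)
    for line in text.strip().splitlines():
        line = line.strip()
        if not line:
            continue
        m = _RULE.match(line)
        if not m:
            raise ValueError(f"unparseable rule: {line!r}")
        src, tgt, cls, perms = m.groups()
        rules[(src, tgt, cls)].update(perms.split())
    return rules


def check(rules, src, tgt, cls, perm, audit):
    """Default deny: permission exists only if some allow rule grants it.
    Every denial is appended to `audit` in an AVC-like format."""
    allowed = perm in rules.get((src, tgt, cls), set())
    if not allowed:
        audit.append(
            f"avc: denied {{ {perm} }} scontext={src} tcontext={tgt} tclass={cls}"
        )
    return allowed


def simulate(rules, src, requests):
    """Evaluate a list of (path, perm) requests from domain `src`.
    Returns ({(path, perm): allowed}, audit_lines)."""
    audit = []
    results = {}
    for path, perm in requests:
        label = LABELS.get(path, "unlabeled_t")  # unknown files get no rights
        results[(path, perm)] = check(rules, src, label, "file", perm, audit)
    return results, audit


if __name__ == "__main__":
    policy = parse_policy(POLICY_TEXT)
    attempts = [
        ("/tmp/upload.bin", "write"),   # the /tmp foothold the post mentions
        ("/etc/web.conf", "read"),
        ("/usr/lib/libz.so", "execute"),
        ("/bin/bash", "execute"),       # disallowed shell
        ("/usr/bin/gcc", "execute"),    # no compiler access
    ]
    outcome, denials = simulate(policy, "web_t", attempts)
    for (path, perm), ok in outcome.items():
        print(f"{'ALLOW' if ok else 'DENY '} {perm:8} {path}")
    print("\n".join(denials))
```

Running it prints the two /tmp and config operations as allowed and the shell and compiler exec attempts as denied, with one audit line per denial. Unlabelled paths fall through to a type no rule mentions, so anything the policy author forgot is denied rather than silently permitted.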