Re: Debian suggestion on File Deletion

Hi David,

Thanks for your suggestion,

On Wed, Dec 12, 2007 at 12:19:28PM -0800, David de Hilario Richards wrote:
> The system/administration section of the OS is password protected.
> This is a good protection against viruses etc that would attack the OS
> but maybe the Debian developers could include password protecting
> Emptying the Trash. So when you delete files, they would be sent to
> the Trash as always but if you want to empty it, a user password would
> be necessary. This would prevent harm from viruses even though I
> understand that Linux has very few of them.
>
> The same idea could be applied to the Terminal. The Terminal would ask
> for a password every time you would want to delete a file.

The problem is, a malicious program (virus, etc) does not need a Terminal or Trash to delete files. It just directly asks the operating system kernel to do that. The kernel obeys if (simplifying) the program is running as the user who owns the file to be deleted. This is often the case.

However, there is functionality called SELinux (Security Enhanced Linux if memory serves) which allows to say specifically which programs are allowed to perform what actions. It makes it possible to restrict malicious programs from doing anything malicious.

SELinux is available in the current stable release of Debian.

Unfortunately, it is quite difficult to configure, and currently causes problems with programs which are not malicious as well. We hope to get it more useful in future Debian releases.

Regards,

-- 
Marcin Owsiany <
porridge(at)debian.org>             
http://marcin.owsiany.pl/
GnuPG: 1024D/60F41216  FE67 DA2D 0ACA FC5E 3F75  D6F6 3A0D 8AA0 60F4 1216


-- 
To UNSUBSCRIBE, email to debian-security-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org

Do you need help?

In addition to our free technical library, Pantek provides professional IT services to companies who utilize Open Source software: Learn more about Pantek's Technical Support offerings Place an order for 24/7/365 Technical Support here Learn more about Pantek, who we are, and what we do Chat with a Live Operator Related lists.debian.org Links debian-announce debian-apache debian-arm-changes debian-beowulf debian-boot debian-cd debian-cd-vendors debian-changes debian-changes-digest debian-isp debian-kde debian-laptop debian-mirrors-announce debian-news debian-security debian-security-announce debian-testing debian-user debian-user-digest Request more information about Pantek