On Fri, Nov 16, 2001 at 04:13:16AM -0900, Ethan Benson wrote:
> > > Root is God. Anything you do on the system is potentially visible to
> > > root.

this is, with the right patches applied, not true.

> > What about rsbac? Are there other strategies against root available?
>
> root usually has physical access to the hardware anyway.

but root usually also does have remote access. take a look at
http://www.lids.org LIDS. this is a kernel patch to separate root from the
kernel (a new level of security) by having capability and mandatory access
control list support in your kernel. you can very fine tune the setup. for a
real linux multi-user system, it's the perfect security patch.