Privelege separation
Michel Arboi
mikhail at nessus.org
Tue Aug 24 10:57:25 EDT 2004
On Tue Aug 24 2004 at 16:30, eric wrote:
> Not everyone uses linux.
Indeed. For FreeBSD, try jails (not as good as a OS MAC, but better
than nothing). For Solaris, buy Trusted Solaris. etc.
We have already talked about this privilege separation stuff, and
my opinion is that it does not really improve the security (whatever
this word means). It would make the code more complex, though, and the
result would not be as good as grsec ACLs.
Nessus has to run as root: it should be able to bind to low
"privileged" ports, to open raw sockets, to sniff network traffic...
More information about the Nessus
mailing list