LIDS subjects/objects LIDS allows different subjects (programs) to have different access to objects (capabilities or file ACLs). Examples: grant /usr/sbin/sshd read access to /etc/shadow grant /usr/sbin/getty read access to /etc/shadow hide /etc/shadow from all other files grant /sbin/init write access to /etc/initlvl grant read access to /etc/initlvl for all others grant /usr/bin/apache CAP_NET_BIND_SERVICE
Copyright 2003, Bri Hatch of Onsight, Inc.
Presented at ISSA Puget Sound, 2003.
Presentation created using vim and MagicPoint.