SELinux last straw
Rahul Sundaram
sundaram at fedoraproject.org
Wed Oct 17 20:27:04 UTC 2007
Les Mikesell wrote:
> Arthur Pemberton wrote:
>>
>> Now, you're insinuating that his expectations of SELinux caused him to
>> practice poor traditional security and so he got hacked. Which
>> completely ignores the fact that he did not have SELinux when he got
>> hacked.
>
> Are you saying it makes a difference if you've ssh'd in as root?
Sure it can. It all depends on policy. SSH is by default in Fedora
assigned a different policy which can be tuned to restrict access further.
Russell Coker has for years been running an SELinux system with open
root access via ssh just to demonstrate this.
http://www.coker.com.au/selinux/play.html
Rahul