RPM security (a newbie question)

"Stanisław T. Findeisen" sf181257 at students.mimuw.edu.pl
Thu Apr 2 13:22:16 UTC 2009


Todd Zullinger wrote:
> And, of course, on top of compiler options and firewalls, SELinux is
> one more layer that is added to protect against problems in upstream
> code.  If upstream code has some hole that tries to mail off
> /etc/passwd somewhere, this is very likely to be denied by SELinux.
> And when someone reports the denial, Dan, Miroslav, and the other
> SELinux maintainers aren't too likely to allow it without asking what
> good reason the upstream code would have to take such an action.

SELinux will not help you any more if it gets overwritten/rootkitted by
a malicious RPM package (for instance during the install process).

You execute rpm install as root, don't you?

STF

=======================================================================
http://eisenbits.homelinux.net/~stf/
OpenPGP: 9D25 3D89 75F1 DF1D F434  25D7 E87F A1B9 B80F 8062
=======================================================================
