trying to understand SELinux message
Paul Allen Newell
pnewell at cs.cmu.edu
Tue Nov 17 04:29:41 UTC 2009
Daniel J Walsh wrote:
> On 11/16/2009 12:09 AM, Paul Allen Newell wrote:
>
>>
> Paul SELinux policy can not be written in such a way to allow you to run X Windows as root.
>
> The problem is too many Applications require rights to write to the homedir and we want to treat /root differently then /home.
> Allow an confined application to write to /root would allow it to do evil stuff by replacing /root/.bashrc for example.
>
> And the next time an admin logged in the script would run.
>
> If you require running X as root then you will need to put SELinux into permissive mode. In F12 we are now preventing users from logging in as root from GDM because it is so dangerous from a security point of view.
>
> Imagine running firefox as root and what problems it can cause.
>
>
Daniel:
This is a very good explanation of why I should not be logging in and
running X Windows as root. I obviously needed a few lectures on this
forum to help beat it in and I am glad I got them.
Paul
More information about the fedora-list
mailing list