Re: SELinux last straw

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

To: For users of Fedora <fedora-list@xxxxxxxxxx>
Subject: Re: SELinux last straw
From: Rahul Sundaram <sundaram@xxxxxxxxxxxxxxxxx>
Date: Thu, 18 Oct 2007 02:57:04 +0630
In-reply-to: <47167B0A.5010508@xxxxxxxxx>
Organization: Red Hat
References: <33385737.1192589018703.JavaMail.root@xxxxxxxxxxxxxxx> <471625F1.9020405@xxxxxxxxx> <16de708d0710170841n7cc87c8dqdfefb8eb7e5fddc5@xxxxxxxxxxxxxx> <471636D9.8050001@xxxxxxxxx> <16de708d0710170933j7acc02f6s3d1fde6a93b07330@xxxxxxxxxxxxxx> <47164D66.3040809@xxxxxxxxx> <16de708d0710171124x53dc8d14j79610d47df34291a@xxxxxxxxxxxxxx> <4716605B.3030107@xxxxxxxxx> <16de708d0710171246v702fb483ob18c3433fcd6d231@xxxxxxxxxxxxxx> <47166942.9040200@xxxxxxxxx> <16de708d0710171304r64a38e52r2065fe0eb35ed4ed@xxxxxxxxxxxxxx> <47167B0A.5010508@xxxxxxxxx>
Reply-to: For users of Fedora <fedora-list@xxxxxxxxxx>
User-agent: Thunderbird 2.0.0.6 (X11/20070926)

Les Mikesell wrote:

Arthur Pemberton wrote:


Now, you're insinuating that his expectations of SELinux caused him to
practice poor traditional security and so he got hacked. Which
completely ignores the fact that he did not have SELinux when he got
hacked.


Are you saying it makes a difference if you've ssh'd in as root?

Sure it can. It all depends on policy. SSH is by default in Fedoraassigned a different policy which can be tuned to restrict access further.

Russell cooker has been for years running a SELinux system with openroot access via ssh just to demonstrate this.


http://www.coker.com.au/selinux/play.html

Rahul

References:
- RE: SELinux last straw
  - From: Lamar Owen
- Re: SELinux last straw
  - From: Les Mikesell
- Re: SELinux last straw
  - From: Arthur Pemberton
- Re: SELinux last straw
  - From: Les Mikesell
- Re: SELinux last straw
  - From: Arthur Pemberton
- Re: SELinux last straw
  - From: Les Mikesell
- Re: SELinux last straw
  - From: Arthur Pemberton
- Re: SELinux last straw
  - From: Les Mikesell
- Re: SELinux last straw
  - From: Arthur Pemberton
- Re: SELinux last straw
  - From: Les Mikesell
- Re: SELinux last straw
  - From: Arthur Pemberton
- Re: SELinux last straw
  - From: Les Mikesell

Prev by Date: Re: SELinux last straw
Next by Date: Re: SELinux last straw
Previous by thread: Re: SELinux last straw
Next by thread: Re: SELinux last straw
Index(es):
- Date
- Thread

[Index of Archives] [Current Fedora Users] [Fedora Desktop] [Fedora SELinux] [Yosemite News] [Yosemite Photos] [KDE Users] [Fedora Tools] [Fedora Docs]