> I recently read a paper about the role base security now in the kernel. > Would your last statement be true under that scenario? That is, if a cd role was > created as restricted as it could be? Would it be true if the role was combined > with SELinux? I'd still be able to patch the firmware to make the drive hand back a fake bootable image which hacked the box before Linux ever ran (assuming the CD drive was in the boot order) The right answer is to have patches to let HAL update the command table according to the drive identity. So far nobody has considered it important enough to produce some (that I've seen anyway). You might want to combine that with role based security or SELinux rules Alan -- fedora-list mailing list fedora-list@xxxxxxxxxx To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
