On Thu, 2 Sep 2010, James Mckenzie wrote:

> However, this portion of the thread is the first case where I could actually state that this could be a MAJOR security hazard. Let's expand this:
>
> 1. An account with a weak password gets compromised.
> 2. This account has a file added (either FTP/SFTP upload or a malicious script is written).
> 3. The ownership of this file is changed to a user with elevated privileges, but not root.

This could be prevented by requiring notquiteroot's password. As an additional layer, it might be good to require notquiteroot to make prior arrangements.

> It is rather interesting, but if this is prevented, then the file remains just a space waster...
>
> This is one of the functions of a good security system.

--
Michael hennebry@xxxxxxxxxxxxxxxxxxxxx
"Pessimist: The glass is half empty.
Optimist: The glass is half full.
Engineer: The glass is twice as big as it needs to be."