-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 10/26/2010 01:05 PM, Bruno Wolff III wrote: > On Tue, Oct 26, 2010 at 14:18:55 -0400, > Przemek Klosowski <przemek.klosowski@xxxxxxxx> wrote: >> >> Such user-differentiated authorization is provided by the filesystem >> access rights, ACLs and SELinux attributes. Note that unlike the first >> two mechanisms, SELinux can protect the data even for systems with >> compromised root---as someone said, SELinux can be configured so that >> you can tell people "here's the root password; now break into my computer". > > That's overstating things a bit. A root compromise is usually going to allow > working around selinux limitations. That's only if you give root the right to disable or load new selinux policy. Seriously, there are machines on the public Internet with a published root account. You're welcome to log in and try to do anything with them. - -- Jesse Keating Fedora -- Freedom² is a feature! identi.ca: http://identi.ca/jkeating -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.11 (GNU/Linux) Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org/ iEYEARECAAYFAkzHQykACgkQ4v2HLvE71NWTLQCgqDG5fxdz5JIN9UHJgoKgjoTu nqIAn36jkuXDvxah49dukTjQ2hWyj5+q =TQbe -----END PGP SIGNATURE----- -- devel mailing list devel@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/devel
