On Tue, 2006-08-15 at 18:28 +0200, Paolo D. wrote:
> Hello everybody,
> perhaps a newbie question; should it be the case, I beg your pardon.
> Let's imagine a user acquires root rights. Especially on Fedora Core, which
> modifies the su command to automatically map it to the sysadm_r role, couldn't he/she
> simply disable SELinux, delete logs, and so on?

What does "acquire root rights" mean? Logged in as the root user, or exploited a suid root program or uid 0 process to gain uid 0? Two very different things as far as SELinux is concerned.

A few observations:

1) Your questions are presumably oriented toward the strict policy, not the default targeted policy, since you are talking about sysadm_r.
2) pam_rootok is instrumented for SELinux, so a uid 0 process cannot su to an arbitrary user without knowing their password unless that process is also in an authorized domain.
3) In FC5, su no longer switches contexts; separate newrole is once again required.

--
Stephen Smalley
National Security Agency