User: Password:
|
|
Subscribe / Log in / New account

SELinux and Fedora

SELinux and Fedora

Posted Jul 11, 2008 2:14 UTC (Fri) by mgb (guest, #3226)
In reply to: SELinux and Fedora by yodermk
Parent article: SELinux and Fedora

This may be a dumb question, but what's to stop the putative black hat from issuing
"setenforce 0" before merrily working his evil?


(Log in to post comments)

SELinux and Fedora

Posted Jul 11, 2008 7:48 UTC (Fri) by petebull (guest, #7857) [Link]

My guess: that command is not available for over the net access, it's only 
executable at the console.

SELinux and Fedora

Posted Jul 11, 2008 18:51 UTC (Fri) by nix (subscriber, #2304) [Link]

Well, yeah, but part of the point of SELinux was, I thought, that root 
could be confined. (Not that this is terribly useful, because there are 
too many ways that root can mess up the machine. To hear PaXTeam et al 
talk, everyone's running with a confined root so that DoS attacks and 
holes only exploitable by root are significant. I find it rather unlikely 
that *anyone* who cares about security is running under the assumption 
that confined root really is secure, exactly because of the enormous 
number of such 'attacks'. But I don't have any numbers and may be wrong.)


Copyright © 2017, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds