| 1 |
On Sunday 15 November 2009 16:40:48 Nikos Chantziaras wrote: |
| 2 |
> On 11/15/2009 11:22 AM, Dirk Heinrichs wrote: |
| 3 |
> > SELinux allows to spread the tasks root needs to do or can do accross |
| 4 |
> > several roles. Of course, if only one single person has root access to |
| 5 |
> > the system this doesn't make sense. But we're talking about cases where |
| 6 |
> > several people (incl. the malicious attacker) have root access. So you |
| 7 |
> > can very well configure a (SE-)Linux system so that "root" can't do |
| 8 |
> > everything. |
| 9 |
> |
| 10 |
> So how do you get your machine back if you forbid yourself to change its |
| 11 |
> configuration then? |
| 12 |
|
| 13 |
|
| 14 |
reboot|power down|pull power plug out|whatever and edit kernel config line to |
| 15 |
not laod selinux |
| 16 |
|
| 17 |
-- |
| 18 |
alan dot mckinnon at gmail dot com |
Archives