Mounting an encrypted volume presents the volume to all users on a machine
Bryn M. Reeves
bmr at redhat.com
Wed Oct 27 10:35:30 UTC 2010
On 10/26/2010 10:39 PM, Bruno Wolff III wrote:
> On Tue, Oct 26, 2010 at 14:07:53 -0700,
> Jesse Keating <jkeating at redhat.com> wrote:
>> That's only if you give root the right to disable or load new selinux
>> policy.
>
> And the policy is tight enough. You need to not allow root shells or most
> processes the ability to read the keys out of memory or to write memory
> that will change how things work. I don't think targeted policy is locked
> down enough to stop that even if you don't allow root to disable selinux.
>
>> Seriously, there are machines on the public Internet with a published
>> root account. You're welcome to log in and try to do anything with them.
>
> Yeah, I know about one guy that offers a root password if you ask. I am
> not sure what policy he is running on that machine.
It's Russell Coker, access details are available here:
http://www.coker.com.au/selinux/play.html
However the pages haven't been updated in a while and the service seems to be
down right now.
Regards,
Bryn.