SELinux - a call for end-of-life.
Michael Hennebry
hennebry at web.cs.ndsu.nodak.edu
Thu Sep 2 15:58:38 UTC 2010
On Thu, 2 Sep 2010, James Mckenzie wrote:
> However, this portion of the thread is the first case where I could actually state that this could be a MAJOR security hazard. Let's expand this:
>
> 1. An account with a weak password gets compromised.
> 2. This account has a file added (either FTP/SFTP upload or a malicious script is written).
> 3. The ownership of this file is changed to a user with elevated privileges, but not root.
This could be prevented by requiring notquiteroot's password.
As an additonal layer, it might be good to require notquiteroot
to make prior arrangements.
> It is rather interesting, but if this is prevented, then the file remains just a space waster...
>
> This is one of the functions of a good security system.
--
Michael hennebry at web.cs.ndsu.NoDak.edu
"Pessimist: The glass is half empty.
Optimist: The glass is half full.
Engineer: The glass is twice as big as it needs to be."
More information about the users
mailing list