Mounting an encrypted volume presents the volume to all users on a machine
Jesse Keating
jkeating at redhat.com
Tue Oct 26 21:07:53 UTC 2010
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On 10/26/2010 01:05 PM, Bruno Wolff III wrote:
> On Tue, Oct 26, 2010 at 14:18:55 -0400,
> Przemek Klosowski <przemek.klosowski at nist.gov> wrote:
>>
>> Such user-differentiated authorization is provided by the filesystem
>> access rights, ACLs and SELinux attributes. Note that unlike the first
>> two mechanisms, SELinux can protect the data even for systems with
>> compromised root---as someone said, SELinux can be configured so that
>> you can tell people "here's the root password; now break into my computer".
>
> That's overstating things a bit. A root compromise is usually going to allow
> working around selinux limitations.
That's only if you give root the right to disable or load new selinux
policy.
Seriously, there are machines on the public Internet with a published
root account. You're welcome to log in and try to do anything with them.
- --
Jesse Keating
Fedora -- Freedom² is a feature!
identi.ca: http://identi.ca/jkeating
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org/
iEYEARECAAYFAkzHQykACgkQ4v2HLvE71NWTLQCgqDG5fxdz5JIN9UHJgoKgjoTu
nqIAn36jkuXDvxah49dukTjQ2hWyj5+q
=TQbe
-----END PGP SIGNATURE-----
More information about the devel
mailing list