[Pm-utils] some simple patches from fedora

Victor Lowther victor.lowther at gmail.com
Wed Jan 30 07:35:34 PST 2008


On Jan 30, 2008 9:28 AM, Till Maas <opensource at till.name> wrote:
> On Wed January 30 2008, Victor Lowther wrote:
>
> > True.  The way to defend against these scenarios is to ensure that all
> > our files and directories are owned by and only writable by root.  If
> > an intruder already has root, pm-utils cannot defend against any
> > actions that user can take.
>
> If I find the time, I will test whether selinux would prevent pm-utils from
> cleaning out /etc/passwd when the logfile is a symlink to it. I guess selinux
> could help here.

Oh, I have no doubt that selinux could help, but we cannot count on it
being present.  Workarounds to ensure that we do not break a common
selinux policy are one thing, workarounds that rely on selinux are
quite another.

> Regards,
> Till
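
The ownership rule described in this message (files and directories owned by and writable only by root), combined with the symlinked-logfile case raised in the quoted reply, as an added shell example that is not pm-utils code. `check_log_path`, `owner_and_mode_ok` and the optional owner-uid argument are hypothetical names chosen for this illustration.

```shell
#!/bin/sh
# Added example, not pm-utils code; function names are hypothetical.

# owner_and_mode_ok PATH UID
# Succeeds only if PATH is owned by UID and is not writable by group or
# other. Parses `ls -ldn` so it does not depend on GNU or BSD stat.
owner_and_mode_ok() {
    ls -ldn -- "$1" 2>/dev/null | (
        read -r mode _links owner _rest || exit 1
        [ "$owner" = "$2" ] || exit 1
        case $mode in
            # character 6 is group write, character 9 is other write
            ?????w*|????????w*) exit 1 ;;
        esac
        exit 0
    )
}

# check_log_path LOGFILE [UID]
# UID defaults to 0 (root). Returns 0 only when it is safe to truncate
# or append to LOGFILE without relying on SELinux or any other MAC layer.
check_log_path() {
    log=$1
    want_uid=${2:-0}
    dir=$(dirname -- "$log")

    # A symlink at the log path is refused, whatever it points at.
    if [ -L "$log" ]; then
        echo "refusing symlinked logfile: $log" >&2
        return 1
    fi
    # If anyone else can write to the directory, they can plant the
    # symlink between this check and the open, so refuse that as well.
    if ! owner_and_mode_ok "$dir" "$want_uid"; then
        echo "log directory not exclusively writable by uid $want_uid: $dir" >&2
        return 1
    fi
    # An existing logfile must be a regular file with the same properties.
    if [ -e "$log" ]; then
        [ -f "$log" ] || return 1
        owner_and_mode_ok "$log" "$want_uid" || return 1
    fi
    return 0
}
```

The check covers the logfile and its immediate directory only; parent directories further up the path need the same ownership for the guarantee to hold.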

