On Jan 30, 2008 9:28 AM, Till Maas <[EMAIL PROTECTED]> wrote:
> On Wed January 30 2008, Victor Lowther wrote:
>
> > True. The way to defend against these scenarios is to ensure that all
> > our files and directories are owned by and only writable by root. If
> > an intruder already has root, pm-utils cannot defend against any
> > actions that user can take.
>
> If I find the time, I will test whether selinux would prevent pm-utils from
> cleaning out /etc/passwd when the logfile is a symlink to it. I guess selinux
> could help here.

Oh, I have no doubt that selinux could help, but we cannot count on it being present. Workarounds to ensure that we do not break a common selinux policy are one thing, workarounds that rely on selinux are quite another.

> Regards,
> Till
>
> _______________________________________________
> Pm-utils mailing list
> [email protected]
> http://lists.freedesktop.org/mailman/listinfo/pm-utils
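
The ownership rule discussed in this thread, as an added example that is not part of the original messages and is not pm-utils code: a POSIX sh check that refuses to truncate a logfile unless its directory is owned by the expected uid, is not group- or other-writable, and the logfile itself is not a symlink. The function names `dir_is_safe` and `open_log` and the owner-uid parameter are assumptions made for illustration (a root-run script would pass 0).

```shell
#!/bin/sh
# Added example, not pm-utils code. Function names are hypothetical.

# dir_is_safe DIR OWNER_UID
# Succeeds only if DIR is a real directory (not a symlink), is owned by
# OWNER_UID, and carries no group or other write bit.
dir_is_safe() {
    dir=$1 want_uid=$2
    [ -d "$dir" ] && [ ! -L "$dir" ] || return 1
    # ls -ldn prints "mode links uid gid ..."; keep only mode and numeric uid.
    info=$(ls -ldn "$dir" | awk '{print $1 " " $3}')
    mode=${info% *}
    uid=${info#* }
    [ "$uid" = "$want_uid" ] || return 1
    case $mode in
        d????w*|d???????w*) return 1 ;;   # group- or other-writable
    esac
    return 0
}

# open_log LOGFILE OWNER_UID
# Truncates LOGFILE only when its directory passes dir_is_safe and LOGFILE
# is absent or a regular file. Because nobody but the owner can write in a
# directory that passes, a link cannot be planted between check and open.
open_log() {
    log=$1 want_uid=$2
    dir_is_safe "$(dirname "$log")" "$want_uid" || return 1
    # A symlink or special file in a locked-down directory still means
    # something is wrong, so refuse rather than follow it.
    if [ -L "$log" ] || { [ -e "$log" ] && [ ! -f "$log" ]; }; then
        return 1
    fi
    : > "$log"
}
```
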
