<quote who="Ken Foskey">

> On Mon, 2004-11-08 at 10:40 +1100, Jeff Waugh wrote:
> > Note that the entire break-in started with a sniffed password, which
> > SELinux could not help with in the slightest. It may have kept the
> > intruder stuck with nowhere to go.
> 
> I am still confused why SELinux would have prevented the escalation to
> root?  There was a method by which a common program could intrude on the
> kernel, does it stop you from executing code?

SELinux, when configured properly, would have made it inordinately hard for
an unprivileged [1] user to escalate their privileges to the equivalent of
root (because, with SELinux, you can make 'root' or uid 0 entirely useless).
So that common program may not have the capabilities to intrude on the
kernel as it might on other systems.

- Jeff

[1] and with SELinux, we're talking about *much* finer grain privileges and
capabilities than Linux provides

-- 
linux.conf.au 2005: Canberra, Australia         http://lca2005.linux.org.au/
 
                  Push the envelope, or push the daisies.
-- 
SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/
Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html
