On Mon Nov 08, 2004 at 20:59:00 +1100, Ken Foskey wrote: >On Mon, 2004-11-08 at 10:40 +1100, Jeff Waugh wrote: >> <quote who="O Plameras"> >> > For example, it should have taken the break-in longer from the time the >> > attempt was first tried to the time it succeeded. And so, SysAdmin would >> > have longer window to realise there has been attempts on the servers ? It >> > should have confined the first break-in to within a limited set of >> > functionalities ? >> >> Note that the entire break-in started with a sniffed password, which SELinux >> could not help with in the slightest. It may have kept the intruder stuck >> with no where to go. > >I am still confused why SELlinux would have prevented the escalation to >root? There was a method by which a common program could intrude on the >kernel, does it stop you from executing code?
Not for sure, but the way this kind of thing should work, is stopping you from running certain system calls, for example, ptrace. Benno -- SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/ Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html
