begin quoting Tracy R Reed as of Wed, Feb 02, 2005 at 09:48:24AM -0800: > On Tue, Feb 01, 2005 at 08:18:00PM -0800, Todd Walton spake thusly: > > Is GNU/Linux (or even Unix in general) secure enough > > that even inexperienced programmers can't write system-compromising > > code? I don't think so. > > With SE Linux I believe it should be. If I can give out the root password > of my SE Linux enabled box to anyone on the net such that they can get a > shell but not compromise the system it should be able to handle the > inexperienced programmer.
Last I recall, getting the root password to your SE Linux box got a shell with no access to any tools anywhere. That may be a good thing for an inexperienced programmer not being able to compromise your system, but it doesn't let that programmer do anything. What we need is an inexperienced programmer writing real code that needs setuid access (so says the programer), and an inexperienced administrator to install and run the code (so fancy SELinux configuration is out). -Stewart "And then a nice dose of Murpy" Stremler -- KPLUG-List mailing list [email protected] http://www.kernel-panic.org/cgi-bin/mailman/listinfo/kplug-list
