On Wed, Feb 02, 2005 at 10:01:27AM -0800, Stewart Stremler spake thusly: > Last I recall, getting the root password to your SE Linux box got a > shell with no access to any tools anywhere.
On the contrary, you can run any program a normal user would be able to run. You can compile any code you want, ftp in anything you want, etc. You can even install anything you want in your own $HOME. A programmer should be able to do his job completely in such an environment. > What we need is an inexperienced programmer writing real code that needs > setuid access (so says the programer), and an inexperienced administrator to > install and run the code (so fancy SELinux configuration is out). Fancy SE Linux configuration is out for the moment but I bet we will have more dynamic secure and self-configuring policies via a sort of "learn mode" for SE Linux in the near future that will let inexperienced administrators do their thing. -- Tracy Reed http://ultraviolet.org This message is cryptographically signed for your protection. Info: http://copilotconsulting.com/sig
pgphlBmUmJJFN.pgp
Description: PGP signature
-- KPLUG-List mailing list [email protected] http://www.kernel-panic.org/cgi-bin/mailman/listinfo/kplug-list
