On 10/26/2010 10:39 PM, Bruno Wolff III wrote:
On Tue, Oct 26, 2010 at 14:07:53 -0700, Jesse Keating jkeating@redhat.com wrote:
That's only if you give root the right to disable or load new selinux policy.
And the policy is tight enough. You need to not allow root shells or most processes the ability to read the keys out of memory or to write memory that will change how things work. I don't think targeted policy is locked down enough to stop that even if you don't allow root to disable selinux.
Seriously, there are machines on the public Internet with a published root account. You're welcome to log in and try to do anything with them.
Yeah, I know about one guy that offers a root password if you ask. I am not sure what policy he is running on that machine.
It's Russell Coker, access details are available here:
http://www.coker.com.au/selinux/play.html
However the pages haven't been updated in a while and the service seems to be down right now.
Regards, Bryn.