[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Debian Stable server hacked

On Wed, 2003-08-13 at 16:02, Colin Walters wrote:

> Let me give an example of how SELinux protects my machine (verbum.org). 
> My blog is a Python script (pyblosxom) which runs in a domain called
> httpd_user_script_t. 

Oh, and what I forgot to mention about this domain is that it doesn't
have write access to any files, for example.  Nor (obviously) can it use
the mount syscall. And those restrictions carry over to any other
program it executes, including /bin/sh, /bin/ls, /bin/mount, whatever.

Reply to: