Originally posted here by catch
No, the Administrator CANNOT violate the system's security policy, why is this so hard for you to understand?
But rights which are granted to Administrator by default, allow them to do things which make the policy pretty much academic.

For example, the "Debug any process" privilege, gives the administrator access to do, well, anything pretty much, seeing as they can take control of any process they want, including ones inside your precious "trusted computing base". Likewise, loading kernel code does too.

I'm not sure if you'd want these privileges to be disabled; the system probably wouldn't work terribly well if they were.

What I'm asking is, how is this different from "root" being allowed to do anything? If it truly is, the difference is only academic.

Slarty