Re: OpenSSH-5.3p1 selinux problem on CentOS-5.4.




James B. Byrne wrote:

<snip>

> 
> I am not sure what effect disabling SELinux support in SSH actually
> has from a security standpoint.  So, if anyone cares to enlighten me
> on the consequences I would like to know.
> 


I was under the impression that sshd runs unconfined in the current CentOS?

$ ps axZ | grep sshd
system_u:system_r:unconfined_t:SystemLow-SystemHigh 2766 ? Ss   0:00 /usr/sbin/sshd

For example, you don't need to change the ssh_port in SELinux when 
running the sshd on an alternative port, I assume because sshd is 
running unconfined.

Also, it makes little sense to me to run sshd in a confined domain as an 
ssh login will give the user a login (bash) shell, which also runs 
unconfined:

$ ps axZ | grep bash
user_u:system_r:unconfined_t     8504 pts/3    Ss     0:00 /bin/bash
user_u:system_r:unconfined_t    16789 pts/4    Ss     0:00 /bin/bash

Or maybe I totally misunderstand?

_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos
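
An added example, not part of the original message: a small shell helper that pulls the SELinux domain out of `ps axZ` output so the confined/unconfined question raised above can be checked per process. The function names are hypothetical, the first two sample lines are taken from the message, and the third (sshd in `sshd_t` with an MLS category range) is constructed for contrast.

```shell
#!/bin/sh
# Print the type (domain) of a context written as user:role:type[:mls-range].
# The MLS range can contain colons itself (s0-s0:c0.c1023), so field 3 is
# taken rather than the last field.
selinux_domain() {
    printf '%s\n' "$1" | awk -F: 'NF >= 3 { print $3 }'
}

# Succeed only if the context names a domain other than unconfined_t.
is_confined() {
    d=$(selinux_domain "$1")
    [ -n "$d" ] && [ "$d" != "unconfined_t" ]
}

# Read `ps axZ` lines on stdin and print "pid domain command" for every
# process whose command contains the string given as $1.
# Columns assumed: LABEL PID TTY STAT TIME COMMAND
domains_for() {
    awk -v pat="$1" '
        $1 == "LABEL" { next }                 # skip the header line
        {
            n = split($1, ctx, ":")
            if (n < 3) next                    # not an SELinux context
            if (index($6, pat) == 0) next      # command does not match
            print $2, ctx[3], $6
        }'
}

# Sample input: lines 1-2 from the message, line 3 constructed.
sample_ps() {
    cat <<'EOF'
system_u:system_r:unconfined_t:SystemLow-SystemHigh 2766 ? Ss   0:00 /usr/sbin/sshd
user_u:system_r:unconfined_t     8504 pts/3    Ss     0:00 /bin/bash
system_u:system_r:sshd_t:s0-s0:c0.c1023 3001 ? Ss   0:00 /usr/sbin/sshd
EOF
}

# Report the domain of each sshd process in the sample.
sample_ps | domains_for sshd
```

On a live system, replace the sample with `ps axZ | domains_for sshd`.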
