Re: Installing new policy

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Fri, 12 Mar 2004 00:56, Jeff Johnson <n3npq@xxxxxxxxx> wrote:
> Adding --noscripts --notriggers automagically to each package not signed
> with
> trusted signature is an alternative that starts to avoid a lot of
> selinux pain. And,
> since very few 3rd party add-on packages are essential to system
> integrity, ther
> are few consequences running the scripts after that fact in an entirely
> different
> domain of execution.

As a future development I was thinking of having untrusted_bin_t and 
untrusted_etc_t and other similar types for files in such packages.  Then we 
could allow the scripts unrestricted access to those files but read-only 
access to other files.

It's just an idea that will need a lot of testing.  But it could allow us to 
have a package that wants to run some scripts to mangle it's own config files 
work well without modifications.

> There are still issues with trojan'ed files in payload, forcing chmod -x
> or chmod 000
> might start to limit damage.

That depends on how we want to do it.  We could just have an executable type 
untrusted_bin_t which prevents execution by sysadm_t, or something similar.

Some input from customers regarding what they want might be good.

> So it's the logical connection that leads from
>      rpm_script_t has too much access
> to
>      rpm needs multiple domains based on signature
> that I am seeking. selinux is not the only way to limit damage if you
> catch my drift.

True.  But I am thinking about SE Linux.

-- 
http://www.coker.com.au/selinux/   My NSA Security Enhanced Linux packages
http://www.coker.com.au/bonnie++/  Bonnie++ hard drive benchmark
http://www.coker.com.au/postal/    Postal SMTP/POP benchmark
http://www.coker.com.au/~russell/  My home page



[Index of Archives]     [Fedora Users]     [Fedora Desktop]     [Big List of Linux Books]     [Yosemite News]     [Yosemite Campsites]     [KDE Users]     [Gnome Users]

  Powered by Linux