On Fri, 02 Apr 2004 Stephen Smalley wrote: >> Everything that I've read says that the 'su' command will change my >> Linux user ID but not my identity. Here's what I see: >> >> # id -Z >> root:staff_r:staff_t >> # su fred >> Your default context is fred:sysadm_r:sysadm_t. >> >> Do you want to choose a different one? [n]n >> $ id -Z >> fred:sysadm_r:sysadm_t >> >> My identity changed from 'root' to 'fred'. Bug? That seems a pretty >> fundamental flaw considering that every document that I've read uses >> 'su' to explain the difference between a user ID and an identity. >> >> By the way, I see the same result whether I use 'su' or 'su -'. I see >> the same result (a change in identity) whether I su from root to fred >> or from fred to root. >> >> So which one is right? The documentation or the code? > > RedHat chose to integrate security context transitions into su (via > pam_selinux). The NSA documentation and externally developed > sourceforge selinux HOWTOs/FAQs were written prior to that change. Unlike some posters here, I think SELinux is great, and I don't mean this to be a flame. But reading the existing documentation, I thought the idea of a SELinux identity being separate from the Unix user ID was that it couldn't change, so that it was possible to track people's activity, hold administrators to account, and to ensure users couldn't obtain escalating privileges. If RedHat have made the SELinux identity change with su, then it is identical to the Unix ID. Surely this weakens some of the security provided by SELinux? Hopefully someone can explain why I'm wrong! P.S. please can we add this list to Gmane? I read other Fedora lists there, but I've avoided subscribing to this one as I prefer to use a newsgroup interface. Jonathan