Re: Another dumb question...

Jonathan Rawle wrote:

On Fri, 02 Apr 2004 Stephen Smalley wrote:



Everything that I've read says that the 'su' command will change my
Linux user ID but not my identity.  Here's what I see:

# id -Z
root:staff_r:staff_t
# su fred
Your default context is fred:sysadm_r:sysadm_t.

Do you want to choose a different one? [n]n
$ id -Z
fred:sysadm_r:sysadm_t

My identity changed from 'root' to 'fred'.  Bug?  That seems a pretty
fundamental flaw considering that every document that I've read uses
'su' to explain the difference between a user ID and an identity.

By the way, I see the same result whether I use 'su' or 'su -'.  I see
the same result (a change in identity) whether I su from root to fred
or from fred to root.

So which one is right? The documentation or the code?


RedHat chose to integrate security context transitions into su (via
pam_selinux). The NSA documentation and externally developed
sourceforge selinux HOWTOs/FAQs were written prior to that change.



Unlike some posters here, I think SELinux is great, and I don't mean this to be a flame.

But reading the existing documentation, I thought the idea of a SELinux
identity being separate from the Unix user ID was that it couldn't change,
so that it was possible to track people's activity, hold administrators to
account, and to ensure users couldn't obtain escalating privileges.

If RedHat have made the SELinux identity change with su, then it is
identical to the Unix ID. Surely this weakens some of the security
provided by SELinux? Hopefully someone can explain why I'm wrong!


You are right. We are designing SELinux to be used by the masses and we felt that
if we changed the way UNIX/Linux worked too radically people would just turn it off.
Or even worse go to a competitor :^(. So we have the concept of tunables which should
become more prevalent in future test versions. This will allow admins to select the amount
of protection they want including turning off user_canbe_admin which will separate users
from staff by policy.


Our goal in the first release is to introduce MAC and protect the external facing (networked daemons).
So these will be protected by MAC.



So if you had a machine that only served web pages, you could turn off all the tunables, and end up with
pretty much the policy the NSA intended.


P.S. please can we add this list to Gmane? I read other Fedora lists
there, but I've avoided subscribing to this one as I prefer to use a
newsgroup interface.


Jonathan


--
fedora-selinux-list mailing list
fedora-selinux-list@xxxxxxxxxx
http://www.redhat.com/mailman/listinfo/fedora-selinux-list


