Re: Needs to prevent executing su.

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



* Igor Borisovsky <igor@xxxxxxxxxxxx> [2004-06-11 15:53]:
> root operates as server administrator. Now selinux policy configuration
> forbids root access to the postgresql data files.
> Postgresql database contains secure data. Therefore root must not be able to
> access to this information.
> Instead of there is database administrator. This person is authorized to do
> all database related operations.
> So I need to prevent executing 'su postgres' for root.

You should note that every uid==0 process can change its uid to anything
else, SELinux doesn't restrict this at all.
You can test this as root and user_r with the following perl command:
$ perl -MPOSIX -e 'POSIX::setuid(1000);system("id");'

So you should probably define a new role (say dataop_r) which gets
access to the database and make sure that root is not authorized for it.

I still don't think that it is possible to prevent sysadm_r from
accessing the database (think about replacing binaries, changing the
policy, raw disk access, ...) but others have already said that.

Thomas

-- 
http://www.cip.ifi.lmu.de/~bleher/selinux/ - my SELinux pages
GPG-Fingerprint: BC4F BB16 30D6 F253 E3EA  D09E C562 2BAE B2F4 ABE7

Attachment: signature.asc
Description: Digital signature


[Index of Archives]     [Fedora Users]     [Fedora Desktop]     [Big List of Linux Books]     [Yosemite News]     [Yosemite Campsites]     [KDE Users]     [Gnome Users]

  Powered by Linux