Re: SELinux and third party installers

On Tue, 2005-01-04 at 11:25, Mike Hearn wrote:
> OK, so what would Colin's proposed daemon actually do then? Is kernel-level
> context propagation enough and if so why does install have to be modified?
> 
> I'm a little confused now and feel I'm missing some key bit of
> understanding ...

I'm not in favor of the daemon idea.  "install" is akin to "rpm" in the
sense of installing a file, so it may make sense to initialize its
security context based on pathname at that time, because we have no real
runtime knowledge of its security properties and have presumably checked
its integrity in some manner prior to installation.  But for normal
day-to-day file copying, the kernel (or some daemon) has no way of
knowing whether:
a) the context of the original should be preserved (e.g. making a backup
copy of /etc/shadow),
b) the context of the target location should be used (e.g. copying a
file from /home to /var/www to export it via apache),
c) the context should factor in information about the copying process,
reflecting its own confidentiality or integrity properties.

Hence, any "automagic" technique based on pathname is not suitable.  

-- 
Stephen Smalley <sds@xxxxxxxxxxxxxx>
National Security Agency
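
The three cases in the message above correspond to different explicit options in current GNU coreutils `cp`. The following is an added example, not part of the original message: the function name `copy_labeled` and the `DRY_RUN` variable are assumptions made for illustration, and mapping case (c) to a caller-supplied context is one interpretation of that case.

```shell
#!/bin/sh
# Added example: the caller states the labeling intent; nothing is
# inferred from the pathname alone.
# Usage: copy_labeled <preserve|target|explicit> SRC DST [CONTEXT]
# With DRY_RUN=1 the cp command is printed instead of executed.
copy_labeled() {
    intent=$1; src=$2; dst=$3; ctx=${4:-}
    case "$intent" in
        preserve)
            # (a) keep the context of the original, e.g. a backup copy
            #     of /etc/shadow must stay as protected as the source
            set -- cp --preserve=context -- "$src" "$dst" ;;
        target)
            # (b) use the policy default for the destination path,
            #     e.g. a file moved from /home into /var/www
            set -- cp -Z -- "$src" "$dst" ;;
        explicit)
            # (c) the caller supplies a context it derived from what it
            #     knows about the process handling the data
            if [ -z "$ctx" ]; then
                echo "copy_labeled: explicit intent needs a context" >&2
                return 2
            fi
            set -- cp "--context=$ctx" -- "$src" "$dst" ;;
        *)
            echo "copy_labeled: unknown intent '$intent'" >&2
            return 2 ;;
    esac
    if [ "${DRY_RUN:-0}" = 1 ]; then
        echo "$*"
    else
        "$@"
    fi
}
```

After a real copy, `ls -Z` on the destination shows which label the file ended up with.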

