On Wed, 2005-06-01 at 04:01 +0200, Rudi Chiarito wrote: > > No matter how tempting, that also sounds like a perfect way for a > rogue > package to subvert the whole SELinux scheme, overriding the > preinstalled policy, right? Actually, I think all a rogue package has to do to subvert the SELinux scheme is to install itself where the regexps expect, and it will get labeled as a privileged process. It's certainly possible to restrict rpm on a SELinux system. I believe the current policy prevents it from writing to /etc/shadow, unless a tunable is on. On the other hand I am suspicious whether this protection works at all - it probably allows the rpm to install an executable over an auth_write binary, at which point it can just install a hostile executable there, and the battle is lost. I could be wrong though - I hadn't looked at the rpm policy until now... -- Ivan Gyurdiev <ivg2@xxxxxxxxxxx> Cornell University -- fedora-selinux-list mailing list fedora-selinux-list@xxxxxxxxxx http://www.redhat.com/mailman/listinfo/fedora-selinux-list
