On Tue, 2005-05-31 at 22:20 -0400, Ivan Gyurdiev wrote:
> Actually, I think all a rogue package has to do to subvert the SELinux
> scheme is to install itself where the regexps expect, and it will get
> labeled as a privileged process.
>
> It's certainly possible to restrict rpm on a SELinux system. I believe
> the current policy prevents it from writing to /etc/shadow, unless a
> tunable is on.
>
> On the other hand I am suspicious whether this protection works at all -
> it probably allows the rpm to install an executable over an auth_write
> binary, at which point it can just install a hostile executable there,
> and the battle is lost.
>
> I could be wrong though - I hadn't looked at the rpm policy until now...

Yes, rpm is effectively unrestricted at present.

--
Stephen Smalley
National Security Agency

--
fedora-selinux-list mailing list
fedora-selinux-list@xxxxxxxxxx
http://www.redhat.com/mailman/listinfo/fedora-selinux-list
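The path-regexp labeling discussed in this thread can be turned into a pre-install review check: match a package's file list against the file-context entries and report every path that would receive a privileged type. This is an added example, not part of the original message or of any SELinux tooling. The entries, type names, privileged-type set and manifest are constructed, and the "last matching entry wins" lookup is a simplifying assumption.

```python
import re

# Constructed file-context entries ("path-regex  context"); type names are illustrative.
FILE_CONTEXTS = """
/usr(/.*)?               system_u:object_r:usr_t
/usr/bin(/.*)?           system_u:object_r:bin_t
/usr/bin/passwd          system_u:object_r:passwd_exec_t
/usr/sbin/example-authd  system_u:object_r:example_auth_exec_t
/etc(/.*)?               system_u:object_r:etc_t
/etc/shadow.*            system_u:object_r:shadow_t
"""

# Assumption: the types a reviewer treats as privileged on this system.
PRIVILEGED_TYPES = {"passwd_exec_t", "example_auth_exec_t", "shadow_t"}

# Constructed package file list, as a reviewer might extract it before install.
MANIFEST = [
    "/usr/bin/example-tool",
    "/usr/bin/passwd",
    "/usr/share/doc/example/README",
    "/etc/shadow-",
]

def parse_contexts(text):
    """Parse 'regex context' lines into (compiled regex, context) pairs."""
    rules = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if not line:
            continue
        fields = line.split()
        rules.append((re.compile(fields[0]), fields[-1]))
    return rules

def label_for(path, rules):
    """Return the context of the last entry whose regex matches the whole path."""
    for regex, context in reversed(rules):
        if regex.fullmatch(path):
            return context
    return None

def audit_manifest(paths, rules, privileged=PRIVILEGED_TYPES):
    """List (path, context) for files that would be labeled with a privileged type."""
    findings = []
    for path in paths:
        context = label_for(path, rules)
        if context and context.split(":")[2] in privileged:
            findings.append((path, context))
    return findings

if __name__ == "__main__":
    for path, context in audit_manifest(MANIFEST, parse_contexts(FILE_CONTEXTS)):
        print(f"REVIEW: {path} would be labeled {context}")
```

A finding means the package places a file at a path that the labeling rules treat as privileged, so the package needs review before it is installed.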