On 7/2/07, John Dennis <jdennis@xxxxxxxxxx> wrote:
> On Mon, 2007-07-02 at 22:30 +0530, Rahul Sundaram wrote:
> > > 2) The information contained in an AVC denial is security sensitive. It
> > > would be a huge security hole to automatically transmit any of this
> > > information in the form of a bug report or other notification channel.
> >
> > Encrypt it before transmission and scrub the data before revealing
> > anything. Also this concern is already somewhat offset from the effort
> > described below.
>
> Automatically sending security information to a remote third party is
> not going to be accepted by most users and certainly could not be
> enabled by default. If automatic transmission is not enabled by default
> then what is gained over an administrator of the system being
> automatically notified of a denial by setroubleshoot and letting them
> evaluate if this particular AVC denial needs to be elevated to a bug
> report?
Also, scrubbing the data can be very hard, since the information that could be sensitive is more than user name/IP address. While there might be some statistical information that could be picked up (hmmm, 4000 users have problems with /xen installations... maybe we should see if there is a problem with the policy and what people think they are doing), another issue I could see is that if someone opted into the program, and Fedora 'witnesses' a break-in (or some other criminal act) via an SELinux report... what are the reporting requirements (depending on the nation that the servers are in and where the client is)?

--
Stephen J Smoogen. -- CSIRT/Linux System Administrator
How far that little candle throws his beams! So shines a good deed in a naughty world. = Shakespeare. "The Merchant of Venice"

--
fedora-selinux-list mailing list
fedora-selinux-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-selinux-list