Re: RPM support for SELinux

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 


On Oct 22, 2009, at 3:12 PM, Joshua Brindle wrote:


Jeff Johnson wrote:


On Oct 22, 2009, at 2:37 PM, Chad Sellers wrote:
I just wanted to let everyone know that we've submitted a patchset to add 
more robust SELinux support to RPM4. You can view the patchset here:

http://lists.rpm.org/pipermail/rpm-maint/2009-October/002561.html

Note that these patches require running on the current trunk of
libselinux
and libsemanage.
If you're interested in trying out the support or just looking at how it 
works, we've put up a wiki page talking about it here:

http://selinuxproject.org/page/RPM

Comments are welcome.




Just a short reply:

The patches will never be included @rpm5.org as is because
you missed the abstraction (for packaging) and haven't tied
various stray identifiers as in
Type: mls targeted
These should never be "concrete" in RPM. These are identifiers that are created on end systems and forcing a specific set of them is a good way to make sure custom solutions won't use this feature in RPM. 



The bz2 blobs need to be verifiable even if opaque.

And the tagging (which you've chosen to add to *.rpm) needs
to be verifiable as being accurate, however that is arranged.

The fundamental design flaw is that you are choosing to distribute
security sensitive policy tagging without any visible means (other than what is provided by bzip2) that the blob's are, in fact, what they are supposed 
to be.
The claimed purpose of this patch set (by you) is so that rpm can be labeled 
as "untrusted". I haven't any problem whatsoever with RPM being labeled
"untrusted". Just that you cannot send "trusted" data through an "untrusted" 
channel without any means of verification and expect anything other than
	Sh*t happens.


to anything concrete.

There are other and deeper flaws within the highly unnormalized data
within the *.bz2 policy blobs.
Well, you can normalize the data if you want but chances are the format will be changing from the current binary blob to a text file parseable only by high level compilers on the end systems in the near future. 



So change the format. I can only see what patches you've posted.
If the flaws are "fixed in the next release", well, I'll patiently wait for "the next release". What I see in the current patch set is mis- designed and just 
plain wrong.

73 de Jeff

--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@xxxxxxxxxxxxx with
the words "unsubscribe selinux" without quotes as the message.
[Index of Archives]     [Selinux Refpolicy]     [Linux SGX]     [Fedora Users]     [Fedora Desktop]     [Yosemite Photos]     [Yosemite Camping]     [Yosemite Campsites]     [KDE Users]     [Gnome Users]

  Powered by Linux