[Date Prev][Date Next] [Thread Prev][Thread Next]
[Thread Index]
[Date Index]
[Author Index]
Re: newrole using SELinux user identity for password lookups
- From: Stephen Smalley <sds epoch ncsc mil>
- To: Colin Walters <walters redhat com>
- Cc: Daniel J Walsh <dwalsh redhat com>, fedora-selinux-list redhat com
- Subject: Re: newrole using SELinux user identity for password lookups
- Date: Wed, 21 Apr 2004 15:40:37 -0400
On Wed, 2004-04-21 at 15:33, Colin Walters wrote:
> Ok, that all makes sense. Why not then just use getpwuid(getuid())
> instead of getpwnam?
>
> Hm, although I see one reason - on a SELinux system where "su" is not
> modified, and a normal user with their own SELinux user identity uses
> "su" to become uid 0, then uses newrole, they'd be prompted for the root
> password instead of their password.
>
> However for Fedora where we've modified "su", this is not an issue.
I'd rather move away from asking for a password at all in newrole, and
substitute some other user confirmation mechanism (one that doesn't risk
exposure of a secret).
> Yeah. It seems there is some work in this area going on:
> http://shellcode.org/Kernel/tpe/
TPE is _not_ related to the classical notion of trusted path at all.
Type Enforcement is a better mechanism for providing the equivalent
functionality of TPE. Trusted path is described in the latter part of
http://www.nsa.gov/selinux/papers/inevitability/#2 , among other places.
--
Stephen Smalley <sds epoch ncsc mil>
National Security Agency
[Date Prev][Date Next] [Thread Prev][Thread Next]
[Thread Index]
[Date Index]
[Author Index]