[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]

Is arbitrary access to rpm_t by sysadm_r a security problem?

From: Aleksey Nogin <aleksey nogin org>
To: "Fedora SELinux support list for users & developers." <fedora-selinux-list redhat com>
Subject: Is arbitrary access to rpm_t by sysadm_r a security problem?
Date: Tue, 30 Mar 2004 23:42:42 -0800

I would imagine sysadm_r can do a lot anyway, but just in case it is a problem, here it is:

% id uid=500(aleksey) gid=500(aleksey) groups=500(aleksey) context=aleksey:sysadm_r:sysadm_t % rpm -q rpm --pipe id uid=500(aleksey) gid=500(aleksey) groups=500(aleksey) context=aleksey:sysadm_r:rpm_t

Basically, the --pipe option to rpm seems to be giving sysadm_r full access to sysadm_r:rpm_t

--
Aleksey Nogin

Home Page: http://nogin.org/
E-Mail: nogin cs caltech edu (office), aleksey nogin org (personal)
Office: Jorgensen 70, tel: (626) 395-2907

Follow-Ups:
- Re: Is arbitrary access to rpm_t by sysadm_r a security problem?
  - From: Russell Coker

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]