Re: Lower Process Capabilities



On Tue, 2009-07-28 at 20:13 -0500, Serge E. Hallyn wrote:
> Quoting Bill McGonigle (bill bfccomputing com):
> > On 07/28/2009 04:11 PM, Chris Adams wrote:
> > Still, is such a change less severe than changing what root means?  Is
> > Fedora that committed to SELinux?  What's it going to take to make most
> > people who shut off SELinux stop doing that?
> 
> Moving to heavier exploitation of capabilities doesn't mean
> stop using SELinux.  Any more than finding and fixing buffer
> overflows should only be done if we want to turn off selinux.

Well, it isn't quite the same thing.  Assignment of capabilities to
specific processes running specific binaries is something that SELinux
can already do via Type Enforcement.  And preventing a uid 0 process
from writing to system files is likewise something that SELinux can
already do via Type Enforcement.

So I think the only piece of the proposal that is orthogonal to SELinux
is privilege bracketing within the program (dropping caps after use).  
But the changes to the file and directory permissions seem more
questionable.

-- 
Stephen Smalley
National Security Agency
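The "privilege bracketing within the program" that Stephen singles out as the one part of the proposal SELinux cannot supply is the pattern below, added here as an illustration and not code from anyone in this thread or from Fedora. It talks to the kernel through the raw capget(2)/capset(2) syscalls instead of libcap so it builds with nothing beyond the kernel headers; CAP_NET_BIND_SERVICE stands in for whatever capability the program really needs, and the privileged step is a stub. The kernel only lets capset raise a capability that is already in the permitted set, so as an ordinary user the raise fails cleanly and the bracket is a no-op, while a process that holds the capability in its permitted set runs the step with it and then lowers it again.

```c
/* Privilege bracketing with Linux capabilities, using the raw
 * capget(2)/capset(2) syscalls (no libcap dependency). */
#define _GNU_SOURCE
#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>
#include <sys/syscall.h>
#include <linux/capability.h>

/* The v3 interface carries each 64-bit capability set as two u32 words. */
struct caps {
    struct __user_cap_header_struct hdr;
    struct __user_cap_data_struct   data[2];
};

static int      cap_word(int cap) { return cap >> 5; }        /* which u32 */
static unsigned cap_bit(int cap)  { return 1u << (cap & 31); } /* which bit */

/* Read the calling thread's capability sets. Returns 0 on success. */
static int caps_read(struct caps *c)
{
    memset(c, 0, sizeof *c);
    c->hdr.version = _LINUX_CAPABILITY_VERSION_3;
    c->hdr.pid = 0;                     /* 0 = the calling thread */
    return (int)syscall(SYS_capget, &c->hdr, c->data);
}

/* Write the sets back. The kernel refuses any gain beyond the permitted
 * set, so this can only raise into what is already permitted, or lower. */
static int caps_write(struct caps *c)
{
    return (int)syscall(SYS_capset, &c->hdr, c->data);
}

/* 1 if cap is in the effective set, 0 if not, -1 on error. */
int cap_is_effective(int cap)
{
    struct caps c;
    if (caps_read(&c) != 0)
        return -1;
    return (c.data[cap_word(cap)].effective & cap_bit(cap)) != 0;
}

/* Lower cap from the effective set (always allowed). The permitted set
 * is left alone so the capability can be raised again later. */
int cap_lower(int cap)
{
    struct caps c;
    if (caps_read(&c) != 0)
        return -1;
    c.data[cap_word(cap)].effective &= ~cap_bit(cap);
    return caps_write(&c);
}

/* Raise cap into the effective set; EPERM unless it is permitted. */
int cap_raise(int cap)
{
    struct caps c;
    if (caps_read(&c) != 0)
        return -1;
    if (!(c.data[cap_word(cap)].permitted & cap_bit(cap))) {
        errno = EPERM;
        return -1;
    }
    c.data[cap_word(cap)].effective |= cap_bit(cap);
    return caps_write(&c);
}

/* The bracket: raise, run the privileged step, lower again whether or
 * not the step succeeded. Returns the step's result, or -1 if cap is
 * not available to this process. */
int with_capability(int cap, int (*step)(void *), void *arg)
{
    int was_on = cap_is_effective(cap);
    if (was_on < 0)
        return -1;
    if (!was_on && cap_raise(cap) != 0)
        return -1;
    int rc = step(arg);
    if (!was_on) {
        int saved = errno;              /* keep the step's errno intact */
        cap_lower(cap);                 /* back to the unprivileged state */
        errno = saved;
    }
    return rc;
}

/* Stand-in for the privileged step (e.g. binding a port below 1024). */
static int fake_privileged_step(void *arg)
{
    (void)arg;
    return 0;
}

int main(void)
{
    int cap = CAP_NET_BIND_SERVICE;     /* constructed choice for the demo */
    printf("effective before: %d\n", cap_is_effective(cap));
    int rc = with_capability(cap, fake_privileged_step, NULL);
    printf("bracketed step: %s\n", rc == 0 ? "ran" : strerror(errno));
    printf("effective after:  %d\n", cap_is_effective(cap));
    return 0;
}
```

Whether the step ran or not, the effective set after the call matches the effective set before it; that post-condition is the property worth asserting in a regression test, because a bracket that leaks the capability past its scope is exactly the bug this pattern exists to prevent. Note that capset with pid 0 acts on the calling thread only, so in a multithreaded daemon each worker has to bracket for itself.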
