[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: RPM security (a newbie question)

Stanisław T. Findeisen wrote:
Todd Zullinger wrote:
And, of course, on top of compiler options and firewalls, SELinux is
one more layer that is added to protect against problems in upstream
code.  If upstream code has some hole that tries to mail off
/etc/passwd somewhere, this is very likely to be denied by SELinux.
And when someone reports the denial, Dan, Miroslav, and the other
SELinux maintainers aren't too likely to allow it without asking what
good reason the upstream code would have to take such an action.

SELinux will not help you more if it gets overwritten/rootkited by malicious RPM package (for instance during the install process).

You execute rpm install as root, don't you.

Selinux might help you there but it depends entirely on the policy in use. SELinux has no concept of "root" as you understand it. In SELinux root is just another user that can be confined like everyone else, the current policy maintains the traditional "root is god" sort of thing but this is not a requirement of SELinux but a requirement of its user base.

As to what protection the current policy in use provides against that sort of thing, others more qualified may answer in more detail. If SELinux interests you then read this :


"Any fool can know. The point is to understand" --Albert Einstein



[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]