glibc post upgrade

Stephen Smalley sds at epoch.ncsc.mil
Thu Aug 26 13:51:53 UTC 2004


On Thu, 2004-08-26 at 09:44, Stephen Smalley wrote:
> On Thu, 2004-08-26 at 05:37, Jeff Johnson wrote:
> > Malicious code from untrusted package problem not going to be solved by 
> > rpm_script_t alone afaict either.
> 
> Right.  We still need a mechanism for distinguishing among packages and
> running scriptlets in different domains based on either some property of
> the package (the authority that signed it) or some knowledge of the
> admin (i.e. he specifies the desired scriptlet domain for all packages
> obtained from a given repository in his yum.conf or similar).

Not to mention needing different domains for rpm itself in such
scenarios...

-- 
Stephen Smalley <sds at epoch.ncsc.mil>
National Security Agency




More information about the fedora-selinux-list mailing list