glibc post upgrade

Jeff Johnson n3npq at nc.rr.com
Thu Aug 26 16:12:03 UTC 2004


Stephen Smalley wrote:

>On Thu, 2004-08-26 at 09:44, Stephen Smalley wrote:
>
>>On Thu, 2004-08-26 at 05:37, Jeff Johnson wrote:
>>
>>>Malicious code from untrusted package problem not going to be solved by
>>>rpm_script_t alone afaict either.
>>
>>Right.  We still need a mechanism for distinguishing among packages and
>>running scriptlets in different domains based on either some property of
>>the package (the authority that signed it) or some knowledge of the
>>admin (i.e. he specifies the desired scriptlet domain for all packages
>>obtained from a given repository in his yum.conf or similar).
>
>Not to mention needing different domains for rpm itself in such
>scenarios...

There are a slew of issues beyond the mechanics of exec'ing a helper to
establish a new domain for rpm to run in.

The open questions that I have are:
   a) Can untrusted and trusted data be stored in the same file?
   b) Can trusted packages depend on untrusted? How?
   c) How to preserve the existing rpmlib API while re-execing a helper
      that will require non-trivial amounts of state to be reconstructed?

"trust" defined however selinux wishes of course.

Probably easier to write an installer from scratch for selinux purposes
than it will be to try to adapt the existing rpm code base is my current
opinion.

73 de Jeff
More information about the fedora-selinux-list mailing list