Needs to prevent executing su.

Thomas Bleher bleher at informatik.uni-muenchen.de
Fri Jun 11 14:31:52 UTC 2004


* Igor Borisovsky <igor at datanaut.com> [2004-06-11 15:53]:
> root operates as the server administrator. Now the SELinux policy configuration
> forbids root access to the PostgreSQL data files.
> The PostgreSQL database contains secure data. Therefore root must not be able to
> access this information.
> Instead, there is a database administrator. This person is authorized to do
> all database-related operations.
> So I need to prevent executing 'su postgres' for root.

You should note that every uid==0 process can change its uid to anything
else; SELinux doesn't restrict this at all.
You can test this as root and user_r with the following Perl command:
$ perl -MPOSIX -e 'POSIX::setuid(1000);system("id");'

So you should probably define a new role (say dataop_r) which gets
access to the database and make sure that root is not authorized for it.

I still don't think that it is possible to prevent sysadm_r from
accessing the database (think about replacing binaries, changing the
policy, raw disk access, ...) but others have already said that.

Thomas

-- 
http://www.cip.ifi.lmu.de/~bleher/selinux/ - my SELinux pages
GPG-Fingerprint: BC4F BB16 30D6 F253 E3EA  D09E C562 2BAE B2F4 ABE7
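
Added example, not part of the original message: a Python version of the setuid test above that also records the process's security context from /proc/self/attr/current before and after the call, since setuid() changes only the uid and leaves the SELinux context (and therefore the role) as it was. The target uid 1000 is taken from the Perl one-liner; the function names are hypothetical, and the context reads as None on a host where no LSM exposes one.

```python
import json
import os

ATTR_CURRENT = "/proc/self/attr/current"  # security context (label) of this process


def read_context():
    """Return the process's security context, or None when no LSM exposes one."""
    try:
        with open(ATTR_CURRENT, "rb") as fh:
            return fh.read().rstrip(b"\x00\n").decode() or None
    except OSError:
        return None


def setuid_and_compare(target_uid=1000):
    """Call setuid(target_uid) in a child process and report the uid and the
    security context before and after; the parent keeps its own identity."""
    rfd, wfd = os.pipe()
    pid = os.fork()
    if pid == 0:  # child: change uid here only
        os.close(rfd)
        report = {"uid_before": os.getuid(), "context_before": read_context()}
        try:
            os.setuid(target_uid)
            report["error"] = None
        except OSError as exc:  # caller is not uid 0, or setuid is not permitted
            report["error"] = exc.strerror or str(exc)
        report["uid_after"] = os.getuid()
        report["context_after"] = read_context()
        os.write(wfd, json.dumps(report).encode())
        os._exit(0)
    os.close(wfd)
    with os.fdopen(rfd, "rb") as fh:
        data = fh.read()
    os.waitpid(pid, 0)
    return json.loads(data)


if __name__ == "__main__":
    r = setuid_and_compare()
    print(f"uid     {r['uid_before']} -> {r['uid_after']} (error: {r['error']})")
    print(f"context {r['context_before']} -> {r['context_after']}")
```

Run as root, the uid line changes while the context line does not; run as an ordinary user, setuid fails and both lines stay the same.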