Needs to prevent executing su.
Thomas Bleher
bleher at informatik.uni-muenchen.de
Fri Jun 11 14:31:52 UTC 2004
* Igor Borisovsky <igor at datanaut.com> [2004-06-11 15:53]:
> root operates as server administrator. Now the SELinux policy configuration
> forbids root access to the PostgreSQL data files.
> The PostgreSQL database contains secure data. Therefore root must not be able to
> access this information.
> Instead, there is a database administrator. This person is authorized to do
> all database-related operations.
> So I need to prevent executing 'su postgres' for root.

You should note that every uid==0 process can change its uid to anything
else; SELinux doesn't restrict this at all.
You can test this as root and user_r with the following Perl command:

$ perl -MPOSIX -e 'POSIX::setuid(1000);system("id");'

So you should probably define a new role (say dataop_r) which gets
access to the database and make sure that root is not authorized for it.

I still don't think that it is possible to prevent sysadm_r from
accessing the database (think about replacing binaries, changing the
policy, raw disk access, ...) but others have already said that.

Thomas
--
http://www.cip.ifi.lmu.de/~bleher/selinux/ - my SELinux pages
GPG-Fingerprint: BC4F BB16 30D6 F253 E3EA D09E C562 2BAE B2F4 ABE7
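
A check for the role separation suggested above, as an added example that is not part of the original message: it parses policy "user NAME roles ...;" statements and reports whether root, or any SELinux user that also holds sysadm_r, is authorized for dataop_r. The sample policy text and the name dbadmin_u are constructed for illustration.

```python
import re

# Constructed sample of policy "user" statements (not from the original post).
# dataop_r is the role suggested in the message; dbadmin_u is a hypothetical name.
SAMPLE_POLICY = """
user system_u roles system_r;
user user_u roles user_r;          # single-role form
user root roles { staff_r sysadm_r };
user dbadmin_u roles { staff_r dataop_r };
"""

# Matches both "roles { a b }" and "roles a", ignoring any trailing MLS fields.
USER_STMT = re.compile(
    r"^\s*user\s+(\S+)\s+roles\s+(?:\{([^}]*)\}|([^\s;{]+))[^;]*;", re.M)


def parse_users(policy_text):
    """Map each SELinux user to the set of roles it is authorized for."""
    text = re.sub(r"#.*", "", policy_text)  # drop comments
    users = {}
    for name, braced, single in USER_STMT.findall(text):
        users.setdefault(name, set()).update((braced or single).split())
    return users


def audit(policy_text, protected="dataop_r", admin_role="sysadm_r", denied=("root",)):
    """Return findings that break the separation between admin and data roles."""
    findings = []
    for name, roles in sorted(parse_users(policy_text).items()):
        if protected not in roles:
            continue
        if name in denied:
            findings.append(f"{name}: authorized for {protected}")
        if admin_role in roles:
            findings.append(f"{name}: holds both {admin_role} and {protected}")
    return findings


if __name__ == "__main__":
    for line in audit(SAMPLE_POLICY) or ["no findings"]:
        print(line)
```

It checks role authorization only; the concerns raised in the message about sysadm_r (replacing binaries, changing the policy, raw disk access) are outside what it can detect.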