Installing new policy
Russell Coker
russell at coker.com.au
Thu Mar 11 14:59:06 UTC 2004
On Fri, 12 Mar 2004 00:56, Jeff Johnson <n3npq at nc.rr.com> wrote:
> Adding --noscripts --notriggers automagically to each package not signed
> with trusted signature is an alternative that starts to avoid a lot of
> selinux pain. And, since very few 3rd party add-on packages are essential
> to system integrity, there are few consequences running the scripts after
> that fact in an entirely different domain of execution.
As a future development I was thinking of having untrusted_bin_t and
untrusted_etc_t and other similar types for files in such packages. Then we
could allow the scripts unrestricted access to those files but read-only
access to other files.
It's just an idea that will need a lot of testing. But it could allow us to
have a package that wants to run some scripts to mangle its own config files
work well without modifications.
> There are still issues with trojan'ed files in payload, forcing chmod -x
> or chmod 000 might start to limit damage.
That depends on how we want to do it. We could just have an executable type
untrusted_bin_t which prevents execution by sysadm_t, or something similar.
Some input from customers regarding what they want might be good.
> So it's the logical connection that leads from
> rpm_script_t has too much access
> to
> rpm needs multiple domains based on signature
> that I am seeking. selinux is not the only way to limit damage if you
> catch my drift.
True. But I am thinking about SE Linux.
--
http://www.coker.com.au/selinux/ My NSA Security Enhanced Linux packages
http://www.coker.com.au/bonnie++/ Bonnie++ hard drive benchmark
http://www.coker.com.au/postal/ Postal SMTP/POP benchmark
http://www.coker.com.au/~russell/ My home page
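The type scheme sketched above, written out as an illustrative type-enforcement fragment in the style of the 2004 example policy. This is an added example, not code from the post or from any released SE Linux policy; sysadm_t, rpm_t and rpm_script_t are existing domains, while untrusted_rpm_script_t and the two untrusted_*_t file types are assumed names for the idea being discussed.

```selinux
# Added illustration only; the domain and file types below are assumed, not
# taken from any shipped policy.

# File types for the contents of packages lacking a trusted signature.
type untrusted_bin_t, file_type, sysadmfile;
type untrusted_etc_t, file_type, sysadmfile;

# Assumed domain in which the maintainer scripts of such packages run,
# entered from rpm_t instead of the trusted rpm_script_t domain.
type untrusted_rpm_script_t, domain;
domain_auto_trans(rpm_t, untrusted_bin_t, untrusted_rpm_script_t)

# The script may freely create, modify and execute the package's own files ...
allow untrusted_rpm_script_t { untrusted_bin_t untrusted_etc_t }:dir create_dir_perms;
allow untrusted_rpm_script_t { untrusted_bin_t untrusted_etc_t }:file create_file_perms;
allow untrusted_rpm_script_t untrusted_bin_t:file execute_no_trans;

# ... but only read (and run) the rest of the system's binaries and config.
allow untrusted_rpm_script_t { bin_t etc_t }:dir r_dir_perms;
allow untrusted_rpm_script_t { bin_t etc_t }:file r_file_perms;
allow untrusted_rpm_script_t bin_t:file execute_no_trans;

# Trojaned payload: make it a policy build error for the administrator's
# domain to ever execute a file of the untrusted executable type.
neverallow sysadm_t untrusted_bin_t:file { execute execute_no_trans };
```

The neverallow is the interesting line: instead of relying on chmod, checkpolicy refuses to build any policy in which some other rule (a broad sysadm_t file rule, for instance) would let the administrator run a file that came out of an unsigned package, so the restriction cannot be silently lost when unrelated rules change.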