Is arbitrary access to rpm_t by sysadm_r a security problem?
Aleksey Nogin
aleksey at nogin.org
Wed Mar 31 10:11:56 UTC 2004
On 31.03.2004 01:37, Paul Nasrat wrote:
>>This will probably require
>>having the current rpm functionality split into two executables. This means
>>that one can be used for parsing the command line, checking the signature,
>>and running the --pipe operation. The other could do the real work.
>
>
> How does this tie in with other uses of rpmlib - eg rpm-python or the C
> bindings. Most people won't be calling rpm directly.
I am guessing that the "internal" trusted executable could be called
from rpmlib and be the one doing all the stuff that requires special
permissions and this way it would not matter what "front end"
(rpm/apt/yum/up2date/etc) is used. I have no idea whether the current
rpmlib API would support something like this, so I could be wrong.
--
Aleksey Nogin
Home Page: http://nogin.org/
E-Mail: nogin at cs.caltech.edu (office), aleksey at nogin.org (personal)
Office: Jorgensen 70, tel: (626) 395-2907
More information about the fedora-selinux-list
mailing list