who provides /etc/sysconfig/selinux?

Richard Hally rhally at mindspring.com
Wed Apr 7 21:25:50 UTC 2004


Jesse Keating wrote:

>On Wednesday 07 April 2004 13:42, Richard Hally wrote:
>
>>My first guess was that it was provided by anaconda 'cause supposedly
>>you only get it if you do an install (rather than upgrade) but doing
>>rpm -q --filesbypkg of anaconda does not show it.  It looks to me like
>>it is a back door to turn off SELinux on an unsuspecting sysadmin.
>>Richard Hally
>
>Files created by %post scripts of rpms, or by the installer, don't 
>usually get "owned" by any particular package.
>
Which could be considered a "security problem".  Some hardheaded security
administrators don't like "unaccounted for" files on their systems.

>If you have somebody on the system that can write to your 
>/etc/sysconfig/selinux file while you have SELinux on and enabled, then 
>it's time to review your SELinux rule set and who you're handing root 
>accounts out to.
>
Rpm can put files just about anywhere. The installer (anaconda) is a
corner case but rpm certainly could be a method of attack and, as you
say, rpm doesn't always account for a package's files. Looks like a
trojaned rpm would work and be difficult to spot.
Richard Hally
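
The audit this exchange points toward, as an added example that is not part of the original thread: list the files under a directory such as /etc/sysconfig that no installed package claims, using `rpm -qf`. The `RPM_QUERY` override is a hypothetical hook so the check can be exercised on a machine without an rpm database.

```shell
#!/bin/sh
# Added example: report files that the rpm database does not account for.
# Files written by %post scriptlets or by the installer show up here,
# because no package lists them in its manifest.

# owner_of FILE: succeed if some installed package owns FILE.
# RPM_QUERY (hypothetical, for testing) names a command to use instead of rpm.
owner_of() {
    if [ -n "${RPM_QUERY:-}" ]; then
        "$RPM_QUERY" "$1" >/dev/null 2>&1
    else
        # rpm -qf exits non-zero when the file is not owned by any package.
        rpm -qf "$1" >/dev/null 2>&1
    fi
}

# unowned_files DIR: print, one per line, each regular file under DIR
# that no package owns. Output is sorted so runs can be diffed.
unowned_files() {
    find "$1" -xdev -type f 2>/dev/null | sort | while IFS= read -r f; do
        owner_of "$f" || printf '%s\n' "$f"
    done
}

# Run as: sh unowned.sh /etc/sysconfig
if [ "$#" -gt 0 ]; then
    unowned_files "$1"
fi
```

Saving the output after a clean install and diffing later runs against it turns each "unaccounted for" file into something that has to be explained.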






More information about the fedora-test-list mailing list