who provides /etc/sysconfig/selinux?
Richard Hally
rhally at mindspring.com
Wed Apr 7 21:25:50 UTC 2004
Jesse Keating wrote:
>On Wednesday 07 April 2004 13:42, Richard Hally wrote:
>
>
>>My first guess was that it was provided by anaconda 'cause supposedly
>>you only get it if you do an install (rather than upgrade) but doing
>>rpm -q --filesbypkg of anaconda does not show it. It looks to me like
>>it is a back door to turn off SELinux on an unsuspecting sysadmin.
>>Richard Hally
>>
>>
>
>Files created by %post scripts of rpms, or by the installer, don't
>usually get "owned" by any particular package.
>
>
Which could be considered a "security problem". Some hardheaded security
administrators don't like "unaccounted for" files on their systems.
>If you have somebody on the system that can write to your
>/etc/sysconfig/selinux file while you have SELinux on and enabled, then
>it's time to review your SELinux rule set and who you're handing root
>accounts out to.
>
>
>
Rpm can put files just about anywhere. The installer (anaconda) is a
corner case but rpm certainly could be a method of attack and, as you
say, rpm doesn't always account for a package's files. Looks like a
trojaned rpm would work and be difficult to spot.
Richard Hally
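
Added example, not part of the original thread: one way to audit for the "unaccounted for" files discussed above is to compare what is on disk against the list of paths the rpm database claims. The function name `unowned_files` and the manifest file are assumptions made for this sketch.

```shell
#!/usr/bin/env bash
# Added example: list files under a directory that no RPM package owns.
# The manifest is a plain list of package-owned paths, one per line,
# e.g. produced once with:  rpm -qal > /tmp/owned.txt
# Limitation: paths containing newlines are not handled.

unowned_files() {
    manifest=$1   # file listing package-owned paths
    dir=$2        # directory tree to audit
    [ -r "$manifest" ] && [ -d "$dir" ] || return 2

    owned=$(mktemp) || return 2
    present=$(mktemp) || { rm -f "$owned"; return 2; }

    # comm needs both inputs sorted under the same collation.
    LC_ALL=C sort -u "$manifest" > "$owned"
    find "$dir" -xdev \( -type f -o -type l \) -print \
        | LC_ALL=C sort -u > "$present"

    # Column 2 only: paths on disk that are absent from the manifest.
    LC_ALL=C comm -13 "$owned" "$present"
    rm -f "$owned" "$present"
}

# Usage: ./unowned.sh /etc/sysconfig
# Builds the manifest from the local rpm database, then reports files
# that were created by %post scripts, the installer, or anything else
# that wrote outside of package ownership.
if [ "$#" -ge 1 ] && command -v rpm >/dev/null 2>&1; then
    m=$(mktemp) || exit 2
    rpm -qal > "$m"
    unowned_files "$m" "$1"
    rm -f "$m"
fi
```

Files reported here are invisible to `rpm -V`, so they need their own baseline (for example a stored checksum list) if changes to them are to be detected.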