[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: LSPP Requirement Specifically for Auditing

On Mon, 2005-10-03 at 09:17 -0400, Steve Grubb wrote:
> 7 User Space SE Linux
> 7.6 newrole made into suid program so that it can send audit messages


Have you considered moving the audit generation into a helper program to
avoid having to directly make newrole suid (and to avoid having to
directly allow newrole in policy to access the netlink audit socket)?
That could also be leveraged by the pam infrastructure so that such
access could be removed from a variety of programs that are presently
directly allowed permission to do this.  Naturally, the helper has to be
protected against unauthorized invocation (in the DAC case, you could
make it only executable by group, and make newrole sgid, and in SELinux
policy, you could control what domains can transition to the helper's
domain).  This would parallel the work done previously by Russell et al
to always use the chkpwd helper for password checking so that direct
access to /etc/shadow could be denied by SELinux policy to most domains.

Stephen Smalley
National Security Agency

[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]