[redhat-lspp] LSPP work items
Steve Grubb
sgrubb at redhat.com
Thu Oct 6 15:30:14 UTC 2005
On Thursday 06 October 2005 10:50, Russell Coker wrote:
> OK, I've implemented a quick hack of this. My code surely won't be
> accepted upstream and probably won't be accepted into rawhide as-is, but
> works well enough for test purposes.
Thanks Russell. I think they would want some #ifdef to allow compilation to
proceed where loginuid is not supported. If upstream is uninterested, we can
carry it as a patch.
> I have attached a sample audit.log showing the Procmail execution with
> the auid logged.
>
> allow postfix_local_t self:file rw_file_perms;
> allow postfix_local_t self:capability audit_control;
I really hate that changing the loginuid means that they have the ability to
write rules.
> The patch for Postfix is named "diff", it's against version 2.2.5-1
> (latest rawhide).
There are a couple nits, should use uid_t. and return -2 if get_login_uid
fails. Right now it returns 0 on failure which is a normal acct. -1 means the
loginuid of postfix is unset and this is normal for anything started by init.
Generally, the rule is that if you cannot attribute the actions to the real
user, the action must be prevented. That means failure to get/set loginuid
would require the attempted delivery to fail.
> Are we planning to do the same for other MTAs or are we making Postfix
> the only supported MTA for LSPP?
That would be nice. We (Red Hat) have configured other entry point programs
that are not part of any security target to do the right thing. Examples are
gdm, kdm, and xdm.
-Steve
More information about the redhat-lspp
mailing list