[redhat-lspp] Re: newrole, UID change, etc

Russell Coker rcoker at redhat.com
Fri Apr 21 05:00:02 UTC 2006


On Thu, 2006-04-20 at 08:59 -0400, Daniel J Walsh wrote:
> I am real concerned about the selinux=0 and enforcing=0 case on 
> newrole.  Since newrole is prompting for the users password, and not the 
> root password, we need to be very careful if newrole can change UID.

In terms of selinux=0, my plan was to disable such use of newrole in
that case.  There is no benefit to using newrole when SE Linux is
disabled.  Also we could have an option in the policy to determine
whether newrole should permit changing the UID so that even if a user is
inappropriately granted the access that newrole bases its checks on
then the newrole program would check the permissions for its own domain
too (usually newrole_t but policy could support running in other
domains).

For enforcing=0 the case is similar to that of sudo.  Misconfiguring a
system such that newrole would permit inappropriate UID changes would be
no different from the same misconfiguration of sudo (changing to root
while only using your personal password is one of the most common
reasons for using it).
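The layered decision sketched in this message (refuse when SELinux is disabled, then require both the caller's permission and a policy option for newrole's own domain), written out as a small C model. This is an added example, not newrole's code; the struct fields stand in for what an implementation would obtain from libselinux, and every name is illustrative.

```c
#include <stdbool.h>
#include <stddef.h>

/* Outcome of the UID-change decision, with a reason for each refusal so
 * that audit messages can say which gate failed. Hypothetical names. */
enum uid_change_result {
    UID_CHANGE_ALLOWED,
    UID_CHANGE_DENIED_BAD_REQUEST,
    UID_CHANGE_DENIED_SELINUX_DISABLED,
    UID_CHANGE_DENIED_CALLER_DOMAIN,
    UID_CHANGE_DENIED_NEWROLE_DOMAIN
};

/* Inputs a real implementation would gather before changing UID
 * (constructed for this model; not a libselinux structure). */
struct uid_change_request {
    bool selinux_enabled;        /* false when booted with selinux=0 */
    bool caller_domain_allowed;  /* the access newrole bases its checks on */
    bool newrole_domain_allowed; /* policy option for newrole's own domain,
                                    usually newrole_t */
};

/* Fail-closed ordering: each gate must pass before the next is consulted.
 * Enforcing vs. permissive mode does not change this logic; as with sudo,
 * a misconfigured policy is the residual risk, not the program itself. */
enum uid_change_result
newrole_uid_change_decision(const struct uid_change_request *req)
{
    if (req == NULL)
        return UID_CHANGE_DENIED_BAD_REQUEST;
    /* No benefit to newrole with SE Linux disabled, so refuse outright. */
    if (!req->selinux_enabled)
        return UID_CHANGE_DENIED_SELINUX_DISABLED;
    /* First gate: permission granted to the caller's security context. */
    if (!req->caller_domain_allowed)
        return UID_CHANGE_DENIED_CALLER_DOMAIN;
    /* Second gate: newrole's own domain must also be permitted, so an
     * over-broad grant to the caller alone is not sufficient. */
    if (!req->newrole_domain_allowed)
        return UID_CHANGE_DENIED_NEWROLE_DOMAIN;
    return UID_CHANGE_ALLOWED;
}
```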
