From: Jeremy Katz <katzj@redhat.com>
To: Stephen Smalley <sds@tycho.nsa.gov>
Cc: selinux@tycho.nsa.gov, SELinux-dev@tresys.com,
	Paul Nasrat <pnasrat@redhat.com>
Subject: Re: [RFC][PATCH] selinux: introduce support for deferred mapping of inode security contexts
Date: Fri, 26 May 2006 14:54:19 -0400
Message-ID: <1148669659.2558.26.camel@aglarond.local>
In-Reply-To: <1148570910.20976.126.camel@moss-spartans.epoch.ncsc.mil>

On Thu, 2006-05-25 at 11:28 -0400, Stephen Smalley wrote:
> On Thu, 2006-05-25 at 11:19 -0400, Stephen Smalley wrote:
> > The alternative model to post checking after policy load would be to
> > either:
> > 1) Precheck the file contexts from the header against the .pp file in
> > some manner at install time (in which case rpm can abort early), or
>
> And as I suspect that you'll say that since those contexts were
> generated from the .pp file in the first place, no such checking is
> required, let me note that:
> a) the contexts will have been generated from the file contexts part of
> the .pp, not from the policy module itself, so there could be an
> inconsistency between the two that leaves the context invalid under the
> new policy, and

I still think that it's somewhat important to try to ensure that this
doesn't happen before you get to installing the package, just because at
that point, you're basically putting the user in the "you're hosed, do
not pass go, do not collect $200" position. So I still hope that we
don't end up with this being a common occurrence :-)

> b) having rpm recheck at install time provides us with both greater
> robustness (in the event of a bug in rpmbuild or a package corrupted in
> some manner along the way) and security (in the event of a maliciously
> constructed package).

But I'm willing to concede that adding some form of checking here may
well make sense. But I'm not convinced it will necessarily belong in
rpm itself -- it may make more sense to have it in the
policy_module_loader_helper which is going to end up being needed to
avoid stupid scriptlet errors. But that's in the realm of it not really
mattering who's checking in that it's being checked. Does that seem
reasonable?

Jeremy
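
The install-time precheck discussed in this exchange, as an added example that is not part of the original message and is not rpm or libselinux code: a simplified Python model that checks every file context carried in a package header against the policy as it would stand once the package's module is loaded, so the installer can abort before any file is written. The policy tables, paths and type names are constructed assumptions; a real check would query the policy itself (libselinux provides `security_check_context()` for the loaded policy).

```python
# Simplified model of an install-time context precheck.
# All data below is constructed; this is not rpm or libselinux code.
from typing import NamedTuple, Optional

class Policy(NamedTuple):
    user_roles: dict  # SELinux user -> roles that user may take
    role_types: dict  # role -> types that may be paired with it

def check_context(ctx: str, policy: Policy) -> Optional[str]:
    """Return None if ctx is valid under policy, else the reason it is not."""
    parts = ctx.split(":")
    if len(parts) < 3:
        return "malformed context"
    user, role, type_ = parts[:3]  # any MLS level after the type is ignored here
    if user not in policy.user_roles:
        return f"unknown user {user}"
    if role not in policy.user_roles[user]:
        return f"role {role} not authorized for user {user}"
    if type_ not in policy.role_types.get(role, ()):
        return f"type {type_} not valid for role {role}"
    return None

def precheck(header_contexts: dict, policy: Policy) -> dict:
    """Map each path whose context would be invalid to the reason."""
    failures = {}
    for path, ctx in header_contexts.items():
        reason = check_context(ctx, policy)
        if reason is not None:
            failures[path] = reason
    return failures

# Constructed policy as it would look after the package's module is loaded.
NEW_POLICY = Policy(
    user_roles={"system_u": {"object_r", "system_r"}},
    role_types={"object_r": {"bin_t", "etc_t", "foo_exec_t"},
                "system_r": {"foo_t"}},
)

# Constructed header: the file contexts name foo_conf_t, which the module
# never declares (case a), and one entry is truncated in transit (case b).
HEADER_CONTEXTS = {
    "/usr/sbin/food": "system_u:object_r:foo_exec_t:s0",
    "/etc/foo.conf": "system_u:object_r:foo_conf_t:s0",
    "/usr/share/foo/README": "system_u:object_r",
}

if __name__ == "__main__":
    for path, reason in precheck(HEADER_CONTEXTS, NEW_POLICY).items():
        print(f"refusing install: {path}: {reason}")
```
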