From: JANAK DESAI <janak@us.ibm.com>
To: Stephen Smalley <sds@tycho.nsa.gov>
Cc: selinux@tycho.nsa.gov
Subject: Re: password policy question
Date: Wed, 25 Jan 2006 13:00:24 -0500
Message-ID: <43D7BCB8.1000000@us.ibm.com>
In-Reply-To: <1138207213.13075.20.camel@moss-spartans.epoch.ncsc.mil>

Stephen Smalley wrote:

>On Wed, 2006-01-25 at 10:04 -0500, JANAK DESAI wrote:
>
>>Hello,
>>
>>I am looking at the serefpolicy-2.2.2 (downloaded this morning from
>>fedora core development SRPMS) and am trying to figure out how, in an
>>mls environment, a user logged in at anything other than s0 would be
>>able to change his/her password. I expected to see a
>>"typeattribute passwd_t mlsfilewrite" in the monolithic policy.conf
>>file that I generated. What am I missing?
>
>Is that really what you want?  It would allow a high process to
>downgrade information via the passwd file.

What happens if you have a user that is defined with an mls range of
s3 to s9? How would this user change their password? Looking at
the password policy, I couldn't figure out how that would work.

-Janak
