From: JANAK DESAI <janak@us.ibm.com>
To: Chad Hanson <chanson@TrustedCS.com>
Cc: Stephen Smalley <sds@tycho.nsa.gov>, selinux@tycho.nsa.gov
Subject: Re: password policy question
Date: Wed, 25 Jan 2006 14:21:08 -0500 [thread overview]
Message-ID: <43D7CFA4.1040908@us.ibm.com> (raw)
In-Reply-To: <36282A1733C57546BE392885C0618592FD503E@chaos.tcs.tcs-sec.com>
Chad Hanson wrote:
>Very true that this is a downgrade channel. We should probably create
>another boolean for the ability of disallowing the chsh/chfn access, similar
>to ping, thus closing this channel.
>
>
I think that would be very useful. Even though LSPP doesn't require that
users
should be allowed to change their passwords, it does seem like a severe
restriction for non-s0 users.
-Janak
>
>
>>On Wed, 2006-01-25 at 13:35 -0500, Chad Hanson wrote:
>>
>>
>>>This isn't an arbitrary process, this is the passwd program running in
>>>
>>>
>the
>
>
>>>passwd_t domain. The only thing the "trusted" program does is alter
>>>
>>>
>password
>
>
>>>data. The password data itself isn't classified so downgrading is
>>>
>>>
>allowed in
>
>
>>>this controlled instance.
>>>
>>>
>>Yes, but it is the caller that provides the input data (the new
>>password), which could be used to leak arbitrary data through the passwd
>>file. In the case of the password itself, the channel is constrained by
>>the fact that the plaintext is not saved to the file, but there is still
>>a channel under the control of the caller. In the case of other passwd
>>file fields settable via chfn/chsh and some forms of the passwd program
>>(not sure about the RH one), you can leak arbitrary plaintext (subject
>>only to length limitations).
>>
>>
>
>--
>This message was distributed to subscribers of the selinux mailing list.
>If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
>the words "unsubscribe selinux" without quotes as the message.
>
>
>
>
--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.
next prev parent reply other threads:[~2006-01-25 19:21 UTC|newest]
Thread overview: 9+ messages / expand[flat|nested] mbox.gz Atom feed top
2006-01-25 18:55 password policy question Chad Hanson
2006-01-25 19:21 ` JANAK DESAI [this message]
-- strict thread matches above, loose matches on Subject: below --
2006-01-25 18:35 Chad Hanson
2006-01-25 18:49 ` Stephen Smalley
2006-01-26 14:31 ` Steve G
2006-01-25 15:04 JANAK DESAI
2006-01-25 16:40 ` Stephen Smalley
2006-01-25 18:00 ` JANAK DESAI
2006-01-25 18:15 ` Stephen Smalley
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=43D7CFA4.1040908@us.ibm.com \
--to=janak@us.ibm.com \
--cc=chanson@TrustedCS.com \
--cc=sds@tycho.nsa.gov \
--cc=selinux@tycho.nsa.gov \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.