* restorecond and security related files
@ 2006-05-09 12:46 Joshua Brindle
2006-05-09 14:47 ` Stephen Smalley
0 siblings, 1 reply; 2+ messages in thread
From: Joshua Brindle @ 2006-05-09 12:46 UTC (permalink / raw)
To: SE Linux, Daniel J Walsh, Stephen Smalley
I noticed that /etc/samba/secrets.tdb was added to restorecond.conf. I
thought that restorecond was only going to be used for files of low
security relevancy? Are type transitions not sufficient in this case? if
not smbpasswd should use setfscreatecon() when writing it like passwd
does. Also, this doesn't seem to keep /etc/samba/smbpasswd correctly
typed or the /etc/samba/smbpasswd.<pid> temp file created when smbpasswd
is run.
--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.
^ permalink raw reply [flat|nested] 2+ messages in thread
* Re: restorecond and security related files
2006-05-09 12:46 restorecond and security related files Joshua Brindle
@ 2006-05-09 14:47 ` Stephen Smalley
0 siblings, 0 replies; 2+ messages in thread
From: Stephen Smalley @ 2006-05-09 14:47 UTC (permalink / raw)
To: Joshua Brindle; +Cc: SE Linux, Daniel J Walsh
On Tue, 2006-05-09 at 08:46 -0400, Joshua Brindle wrote:
> I noticed that /etc/samba/secrets.tdb was added to restorecond.conf. I
> thought that restorecond was only going to be used for files of low
> security relevancy? Are type transitions not sufficient in this case? if
> not smbpasswd should use setfscreatecon() when writing it like passwd
> does. Also, this doesn't seem to keep /etc/samba/smbpasswd correctly
> typed or the /etc/samba/smbpasswd.<pid> temp file created when smbpasswd
> is run.
While I agree that whenever possible we should seek to get the proper
type transitions in place and/or appropriate application modifications,
that doesn't necessarily mean that we can't list such files in
restorecond.conf in order to provide some degree of recovery (albeit
belated) when something steps outside of those transitions or bypasses
that modified code, which will always be possible as long as there are
unconfined_t processes on the system. Even /etc/shadow is a candidate
there, because you can lose the type on it quite easily on a targeted
policy system, and better to have restorecond at least notice and
restore it belatedly than to never get it fixed at all (until some user
happens to notice or run a relabel).
--
Stephen Smalley
National Security Agency
--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.
^ permalink raw reply [flat|nested] 2+ messages in thread
end of thread, other threads:[~2006-05-09 14:47 UTC | newest]
Thread overview: 2+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2006-05-09 12:46 restorecond and security related files Joshua Brindle
2006-05-09 14:47 ` Stephen Smalley
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.