From: Daniel J Walsh <dwalsh@redhat.com>
To: russell@coker.com.au
Cc: Michael C Thompson <thompsmc@us.ibm.com>,
	SE Linux <selinux@tycho.nsa.gov>,
	Stephen Smalley <sds@tycho.nsa.gov>,
	jdesai@us.ibm.com
Subject: Re: [RFC PATCH] newrole suid breakdown
Date: Fri, 06 Oct 2006 14:50:58 -0400
Message-ID: <4526A592.7020201@redhat.com>
In-Reply-To: <200610070337.40031.russell@coker.com.au>

Russell Coker wrote:
> On Saturday 07 October 2006 03:01, Daniel J Walsh <dwalsh@redhat.com> wrote:
>   
>> Russell Coker wrote:
>>     
>>> On Thursday 05 October 2006 23:57, Daniel J Walsh <dwalsh@redhat.com> wrote:
>>>> Does the code continue to work correctly if I compile in AUDIT_LOG_PRIV
>>>> and NAMESPACE_PRIV but run it without the setuid bit and as a normal
>>>> user.  IE, We want the option to only set this setuid when in an MLS
>>>> environment.  This is not required for targeted or strict policy
>>>> machines.
>>>>         
>>> Who does "we" mean in this context?
>>>
>>> I would like to have newrole work with namespaces in a strict policy
>>> environment!
>>>       
>> I am not denying you that right.  I am asking for the tool to continue
>> working with or without setuid.
>>     
>
> Without setuid means without poly-instantiation based on SE Linux context, 
> which means that probably most strict policy systems won't be able to 
> effectively use poly-instantiation.
>
>   
>> IE Don't force a setuid app on the OS, if I don't do pam_namespace or
>> care about role auditing.
>>     
>
> /usr/kerberos/bin/ksu is forced on the OS even though the vast majority of 
> Fedora users will never use Kerberos.
>
> /usr/sbin/ccreds_validate seems to always get installed even on systems that 
> will never use network authentication (again the majority).
>
> /usr/libexec/openssh/ssh-keysign is always installed even though it's 
> generally recommended that you don't use host based authentication (and my 
> observation is that almost no-one is using it).
>
> The rsh package has three setuid root programs and again is almost never 
> needed (in fact it's recommended that you don't have it for several reasons).
>
>
> Without even trying I've found six setuid-root programs that are included in a 
> fairly default install of Fedora and which are never needed by the vast 
> majority of users.  I doubt that all six are as well audited as newrole.
>
> It seems that the decision to force setuid programs on the OS has already been 
> made.
>
>   

OK, after talking to people around here, I want to allow newrole to be
setuid, but I want to remove it from policycoreutils and move it to 
policycoreutils-newrole, then I will require policycoreutils-newrole for 
mls and strict policy.

Dan
That seems to be the easiest solution.
