
Re: changing permissions during install



On Fri, 25 Jan 2002 17:47, Yves Arrouye wrote:
> > > What are my chances of getting the maintainers of every package that has
> > > a daemon running as root to make a change to their postinst for SE Linux?
> > > About 0 I think.
> >
> > I think they are much higher than you think.
> >
> > Write a utility that can be called, to make this easier.  This helper would
> > take a config type file, that would define the security perms.  Maybe a
> > conffile in /etc/selinux.d/ or something.
>
> I agree. If it's well done, and documented in the new maintainer doc and
> other things, it can catch on very easily.
>
> Now I don't know anything about SELinux, but are all the SIDs like the
> system_u:object_r:dhcpc_exec_t SID things that the sysadmin defines
> independently of the packages? Or should the package be aware of these,
> ideally?

DHCP client programs (/sbin/{dhclient*,pump,dhcpcd}) are 
system_u:object_r:dhcpc_exec_t, there are different SIDs defined for sshd, 
for /bin/login, etc.

What that SID actually means in regard to security access is an issue of 
local configuration.  The default is to allow dhcp client programs raw 
network access, ability to put interfaces up/down, ability to change IP 
addresses, and ability to write to /etc/resolv.conf.

That could be changed, I never want my /etc/resolv.conf to change so I would 
change my security policy to deny write access to it.

> I am trying to understand whose responsibility it is to define the
> default security policy: you or the package maintainer? If it's you, then I
> guess everybody could do something as simple as call install-selinux
> mypackagenamec in postinst (and maybe something else in postrm), but isn't
> that a big task to set these things for every package? And if it has to be
> done by the maintainer, is it reasonable to expect everybody to understand
> SELinux and whatever will come after?

You are correct that the maintainer can't be expected to understand SE Linux 
and other options that deliver similar results.  Choosing good defaults is 
difficult, even for the people with the best knowledge of these issues.

Also this type of security policy will be limited to labelling files, for 
which the default permissions will be defined by me, the administrator can 
change the settings at any time, but is unlikely to want to.  It is more 
useful for the administrator to change what the settings mean.

-- 
http://www.coker.com.au/bonnie++/     Bonnie++ hard drive benchmark
http://www.coker.com.au/postal/       Postal SMTP/POP benchmark
http://www.coker.com.au/projects.html Projects I am working on
http://www.coker.com.au/~russell/     My home page
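
The helper proposed in this thread, sketched as an added example that is not code from the thread or from any SE Linux package: it reads a per-package conffile of the kind suggested for /etc/selinux.d/ and works out which label each installed file should get, leaving the meaning of the label to local policy. The file format, the function names and the "last matching rule wins" behaviour are assumptions; only the dhcpc_exec_t context and the DHCP client paths come from the message.

```python
import fnmatch
import re

# Constructed sample of what a package might drop into /etc/selinux.d/
# (the format is an assumption; the thread only proposes the idea).
SAMPLE_CONFFILE = """\
# pattern              security context
/sbin/dhclient*        system_u:object_r:dhcpc_exec_t
/sbin/pump             system_u:object_r:dhcpc_exec_t
/sbin/dhcpcd           system_u:object_r:dhcpc_exec_t
"""

# user:role:type, each a plain identifier
CONTEXT_RE = re.compile(r"^[a-z_][a-z0-9_]*(:[a-z_][a-z0-9_]*){2}$")


class PolicyError(ValueError):
    """Raised instead of guessing, so a typo never mislabels a root daemon."""


def parse_conffile(text):
    """Return [(pattern, context)], rejecting anything ambiguous."""
    rules = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        fields = line.split()
        if len(fields) != 2:
            raise PolicyError(f"line {lineno}: expected 'pattern context'")
        pattern, context = fields
        if not pattern.startswith("/") or ".." in pattern.split("/"):
            raise PolicyError(f"line {lineno}: pattern must be an absolute path")
        if not CONTEXT_RE.match(context):
            raise PolicyError(f"line {lineno}: malformed context {context!r}")
        rules.append((pattern, context))
    return rules


def plan_labels(rules, installed_paths):
    """Map each installed path to its context; the last matching rule wins."""
    plan = {}
    for path in installed_paths:
        for pattern, context in rules:
            if fnmatch.fnmatchcase(path, pattern):
                plan[path] = context
    return plan
```

Paths that match no rule are absent from the plan, so a postinst calling such a helper would leave their existing labels alone.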


