Re: changing permissions during install
On Fri, 25 Jan 2002 17:47, Yves Arrouye wrote:
> > > What are my chances of getting the maintainers of every package that
> > > has a daemon running as root to make a change to their postinst for
> > > SE Linux? About 0 I think.
> >
> > I think they are much higher than you think.
> >
> > Write a utility that can be called, to make this easier. This helper
> > would take a config type file, that would define the security perms.
> > Maybe a conffile in /etc/selinux.d/ or something.
>
> I agree. If it's well done, and documented in the new maintainer doc and
> other things, it can catch on very easily.
>
> Now I don't know anything about SELinux, but are all the SIDs like the
> system_u:object_r:dhcpc_exec_t SID things that the sysadmin defines
> independently of the packages? Or should the package be aware of these,
> ideally?

DHCP client programs (/sbin/{dhclient*,pump,dhcpcd}) are
system_u:object_r:dhcpc_exec_t, there are different SIDs defined for sshd,
for /bin/login, etc.

What that SID actually means in regard to security access is an issue of
local configuration. The default is to allow dhcp client programs raw
network access, ability to put interfaces up/down, ability to change IP
addresses, and ability to write to /etc/resolv.conf.

That could be changed. I never want my /etc/resolv.conf to change, so I would
change my security policy to deny write access to it.

> I am trying to understand whose responsibility it is to define the
> default security policy: you or the package maintainer? If it's you, then I
> guess everybody could do something as simple as call install-selinux
> mypackagenamec in postinst (and maybe something else in postrm), but isn't
> that a big task to set these things for every package? And if it has to be
> done by the maintainer, is it reasonable to expect everybody to understand
> SELinux and whatever will come after?

You are correct that the maintainer can't be expected to understand SE Linux
and other options that deliver similar results. Choosing good defaults is
difficult, even for the people with the best knowledge of these issues.

Also this type of security policy will be limited to labelling files, for
which the default permissions will be defined by me. The administrator can
change the settings at any time, but is unlikely to want to. It is more
useful for the administrator to change what the settings mean.

--
http://www.coker.com.au/bonnie++/ Bonnie++ hard drive benchmark
http://www.coker.com.au/postal/ Postal SMTP/POP benchmark
http://www.coker.com.au/projects.html Projects I am working on
http://www.coker.com.au/~russell/ My home page
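
The helper proposed in the quoted text above (a utility that reads a conffile under /etc/selinux.d/), sketched as an added example; it is not from this thread or from any Debian or SELinux package. The conffile format and the names `label_plan` and `valid_context` are assumptions, and `chcon` is the present-day coreutils labelling command, which the thread does not name; the script only prints the commands it would run.

```sh
#!/bin/sh
# Added example: dry-run sketch of a hypothetical "install-selinux" helper.
# Assumed conffile format (not from the thread): "<absolute-glob> <context>".

# Accept only the three-field user:role:type form quoted in the thread.
valid_context() {
    case "$1" in
        *[!A-Za-z0-9_:]*) return 1 ;;  # unexpected characters
        ?*:?*:?*:*)       return 1 ;;  # more than three fields
        ?*:?*:?*)         return 0 ;;
        *)                return 1 ;;
    esac
}

# label_plan ROOT CONFFILE
# Prints "chcon CONTEXT PATH" for each regular file matched under ROOT
# (ROOT lets the plan be checked against a staging tree). Malformed lines
# are reported on stderr and make the function return 1.
label_plan() {
    root=$1; conf=$2; rc=0; lineno=0
    while read -r pattern context extra; do
        lineno=$((lineno + 1))
        case "$pattern" in ''|'#'*) continue ;; esac
        case "$pattern" in /*) ok=1 ;; *) ok=0 ;; esac
        if [ "$ok" = 0 ] || [ -n "$extra" ] || ! valid_context "$context"; then
            echo "$conf:$lineno: rejected entry" >&2
            rc=1
            continue
        fi
        for f in "$root"$pattern; do    # $pattern unquoted so the glob expands
            # Label regular files only; never follow a symlink to its target.
            if [ -f "$f" ] && [ ! -L "$f" ]; then
                printf 'chcon %s %s\n' "$context" "$f"
            fi
        done
    done < "$conf"
    return "$rc"
}

# Constructed demo: a staging tree and conffile built in a temp directory.
demo() {
    d=$(mktemp -d) || return 1
    mkdir -p "$d/sbin" "$d/etc/selinux.d"
    : > "$d/sbin/dhclient"; : > "$d/sbin/dhclient-2.2.x"; : > "$d/sbin/pump"
    printf '%s\n' '# dhcp client programs' \
        '/sbin/dhclient* system_u:object_r:dhcpc_exec_t' \
        '/sbin/pump system_u:object_r:dhcpc_exec_t' > "$d/etc/selinux.d/dhcp-client"
    label_plan "$d" "$d/etc/selinux.d/dhcp-client"
    rm -rf "$d"
}
demo
```

A postinst would call such a helper with ROOT set to the empty string and review the printed plan before running it; what the label permits stays a matter of local policy, as the message says.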