[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Triggers status?

On Mon, 22 Oct 2007 07:01:33 +1000, Anthony Towns
<aj@azure.humbug.org.au> said:  

> I wonder if it'd be possible to setup an SELinux policy so that dpkg
> is only able to unpack files that are already known about by SELinux
> -- at least that way you'd get an error on unpack, with dpkg's usual
> bail-out attempts, rather than a possible hole introduced into your
> system.

        That would be nice (the error on unpack, that is) -- but is hard
 to do: not all packages have a specific policy (indeed, this is the
 only sane scenario: 10,000 policy modules for Debian would be
 untenable).  Nice, but not required for security, really -- since the
 default is to install the files with no special security domain, and no
 domain transitions on execution; so lacking a security policy you get a
 bog-common initial security domain, with no special privileges.

        This is because the default is to deny by default -- and thus
 security policy modules _add_ the permissions for special tasks that
 packages need to do.  Lacking security policy does not mean you have a
 security hole -- it means that the package you installed might not have
 the permissions to do anything useful, perhaps including running stuff
 in the postinst  (remember, running as root/apt_t  does not buy you as
 much in a SELinux machine as  running with root on a non-selinux box

        I'm trying to increase functionality with the pre-install hook,
 security  is not the driver here.

... Had this been an actual emergency, we would have fled in terror, and
you would not have been informed.
Manoj Srivastava <srivasta@acm.org> <http://www.golden-gryphon.com/>
1024D/BF24424C print 4966 F272 D093 B493 410B  924B 21BA DABB BF24 424C

Reply to: