Re: Triggers status?
On Mon, 22 Oct 2007 07:01:33 +1000, Anthony Towns
<aj@azure.humbug.org.au> said:
> I wonder if it'd be possible to set up an SELinux policy so that dpkg
> is only able to unpack files that are already known about by SELinux
> -- at least that way you'd get an error on unpack, with dpkg's usual
> bail-out attempts, rather than a possible hole introduced into your
> system.

That would be nice (the error on unpack, that is) -- but is hard
to do: not all packages have a specific policy (indeed, this is the
only sane scenario: 10,000 policy modules for Debian would be
untenable). Nice, but not required for security, really -- since the
default is to install the files with no special security domain, and no
domain transitions on execution; so lacking a security policy you get a
bog-common initial security domain, with no special privileges.

This is because the default is to deny by default -- and thus
security policy modules _add_ the permissions for special tasks that
packages need to do. Lacking security policy does not mean you have a
security hole -- it means that the package you installed might not have
the permissions to do anything useful, perhaps including running stuff
in the postinst (remember, running as root/apt_t does not buy you as
much on an SELinux machine as running with root on a non-SELinux box
does).

I'm trying to increase functionality with the pre-install hook;
security is not the driver here.

manoj
--
... Had this been an actual emergency, we would have fled in terror, and
you would not have been informed.
Manoj Srivastava <srivasta@acm.org> <http://www.golden-gryphon.com/>
1024D/BF24424C print 4966 F272 D093 B493 410B 924B 21BA DABB BF24 424C