Lower Process Capabilities

Stephen Smalley sds at tycho.nsa.gov
Wed Jul 29 12:03:05 UTC 2009


On Tue, 2009-07-28 at 20:13 -0500, Serge E. Hallyn wrote:
> Quoting Bill McGonigle (bill at bfccomputing.com):
> > On 07/28/2009 04:11 PM, Chris Adams wrote:
> > Still, is such a change less severe than changing what root means?  Is
> > Fedora that committed to SELinux?  What's it going to take to make most
> > people who shut off SELinux stop doing that?
> 
> Moving to heavier exploitation of capabilities doesn't mean
> stop using SELinux.  Any more than finding and fixing buffer
> overflows should only be done if we want to turn off selinux.

Well, it isn't quite the same thing.  Assignment of capabilities to
specific processes running specific binaries is something that SELinux
can already do via Type Enforcement.  And preventing a uid 0 process
from writing to system files is likewise something that SELinux can
already do via Type Enforcement.

So I think the only piece of the proposal that is orthogonal to SELinux
is privilege bracketing within the program (dropping caps after use).  
But the changes to the file and directory permissions seem more
questionable.

-- 
Stephen Smalley
National Security Agency
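The "privilege bracketing" Smalley singles out as the one piece of the proposal that SELinux cannot do for a program, shown as an added example that is not from the thread, Fedora, or the NSA. It assumes Linux and uses the raw capget/capset system calls (no libcap), so the only runtime requirement is that the binary is granted the capability in its permitted set, e.g. `setcap cap_net_bind_service=p ./bracket`; CAP_NET_BIND_SERVICE is the illustrative capability, and the privileged step itself (a real daemon would bind() port 80 here) is replaced by a probe that reports whether the capability is effective at that moment. The names `with_cap`, `drop_cap_forever` and the `capsets_t` helpers are this example's own.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <linux/capability.h>
#include <stdio.h>
#include <string.h>
#include <sys/syscall.h>
#include <unistd.h>

/* Version-3 capability API: each of effective/permitted/inheritable is
 * _LINUX_CAPABILITY_U32S_3 (== 2) words of 32 bits. */
typedef struct {
    struct __user_cap_data_struct d[_LINUX_CAPABILITY_U32S_3];
} capsets_t;

enum set_kind { SET_EFFECTIVE, SET_PERMITTED, SET_INHERITABLE };

/* --- pure helpers on an in-memory copy, no syscalls --- */
static __u32 *set_word(capsets_t *cs, enum set_kind k, int cap)
{
    struct __user_cap_data_struct *w = &cs->d[CAP_TO_INDEX(cap)];
    return k == SET_EFFECTIVE ? &w->effective
         : k == SET_PERMITTED ? &w->permitted : &w->inheritable;
}
int cap_has(capsets_t *cs, enum set_kind k, int cap)
{
    return (*set_word(cs, k, cap) & CAP_TO_MASK(cap)) != 0;
}
void cap_raise(capsets_t *cs, enum set_kind k, int cap) { *set_word(cs, k, cap) |= CAP_TO_MASK(cap); }
void cap_lower(capsets_t *cs, enum set_kind k, int cap) { *set_word(cs, k, cap) &= ~CAP_TO_MASK(cap); }

/* --- kernel interface (raw syscalls, pid 0 == calling thread) --- */
static int caps_get(capsets_t *cs)
{
    struct __user_cap_header_struct hdr = { _LINUX_CAPABILITY_VERSION_3, 0 };
    return (int)syscall(SYS_capget, &hdr, cs->d);
}
static int caps_set(capsets_t *cs)
{
    struct __user_cap_header_struct hdr = { _LINUX_CAPABILITY_VERSION_3, 0 };
    return (int)syscall(SYS_capset, &hdr, cs->d);
}

/* Privilege bracketing: `cap` is effective only while op() runs.
 * Needs `cap` in the permitted set (file cap "=p" gives exactly that).
 * Returns -1 with errno set if the bracket itself fails; op's own
 * result is stored in *op_rc. */
int with_cap(int cap, int (*op)(void *), void *arg, int *op_rc)
{
    capsets_t cs;
    if (caps_get(&cs) < 0)
        return -1;
    if (!cap_has(&cs, SET_PERMITTED, cap)) { errno = EPERM; return -1; }
    cap_raise(&cs, SET_EFFECTIVE, cap);
    if (caps_set(&cs) < 0)
        return -1;
    *op_rc = op(arg);
    int saved_errno = errno;
    cap_lower(&cs, SET_EFFECTIVE, cap);
    if (caps_set(&cs) < 0)          /* still privileged: caller must abort */
        return -1;
    errno = saved_errno;
    return 0;
}

/* Permanent drop: remove `cap` from permitted too, so it can never be
 * raised again for the rest of the process lifetime. */
int drop_cap_forever(int cap)
{
    capsets_t cs;
    if (caps_get(&cs) < 0)
        return -1;
    cap_lower(&cs, SET_EFFECTIVE, cap);
    cap_lower(&cs, SET_PERMITTED, cap);
    return caps_set(&cs);
}

/* Stand-in for the privileged step: report whether `cap` is effective now. */
static int probe_effective(void *arg)
{
    capsets_t now;
    if (caps_get(&now) < 0)
        return -1;
    return cap_has(&now, SET_EFFECTIVE, *(int *)arg);
}

int main(void)
{
    int cap = CAP_NET_BIND_SERVICE, rc = -1;
    if (with_cap(cap, probe_effective, &cap, &rc) < 0) {
        perror("with_cap");
        fprintf(stderr, "try: sudo setcap cap_net_bind_service=p ./bracket\n");
        return 1;
    }
    printf("during bracket: effective=%d\n", rc);
    printf("after bracket:  effective=%d\n", probe_effective(&cap));
    if (drop_cap_forever(cap) < 0) { perror("drop_cap_forever"); return 1; }
    printf("after permanent drop: with_cap=%d (EPERM expected)\n",
           with_cap(cap, probe_effective, &cap, &rc));
    return 0;
}
```

The shape matters more than the syscalls: the capability sits in the permitted set but not the effective set between uses, so a memory-corruption bug hit outside the bracket cannot use it directly, and once the program has done its one privileged thing it removes the capability from permitted as well. Note the error path after op(): if lowering the capability fails the process is still privileged, and the right response is to exit, not to carry on.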



