Getting the user ID in log messages...

Stephen Smalley sds at epoch.ncsc.mil
Thu Jun 10 19:50:26 UTC 2004


On Thu, 2004-06-10 at 10:50, Levine, Daniel J. wrote:
> I'm curious why the ypcat cron with a make reload would present its own
> issues.  I guess it must be a security context issue since I'm new to it.

crond is typically not authorized to perform such operations in the
policy.  But even if you were willing to trust crond in this manner,
there is the question of the input to crond.  Are you just trying to add
all of these users and only authorize them for user_r?  If so, then that
is less of a concern.  But if you want to pull user-role authorizations
from a NIS map, then you obviously have other trust dependencies, e.g.
protection of the server, authentication and integrity protection for
the client-server communications, etc.

> If so, I suppose I could have a central
> NFS auto-mounted location for my local users file.  So at boot time, I have
> a nice sane policy (your default which maps all users to user user_u).  But
> when everything is finished booting I have some additional information for
> my users wherever you tell me to add it.  I guess my rc.local would then
> need to perform a make reload to incorporate this additional information.
> Would this be an easy and sustainable way to achieve what I want?

Easy, sustainable, and unsafe, obviously.  Compromise of the server or
spoofing the server would allow you to inject arbitrary user-role
authorizations.

> Do you have any better ideas?  I can't be the only person who wants to do
> this, can I?  I feel like what I'm asking is not unreasonable.  Is SELinux
> intended for single machines working in insecure environments?

We have to walk before we can run.  Distributed policy management is
something that needs to be built for SELinux, but we couldn't get there
if we didn't have SELinux at all...

-- 
Stephen Smalley <sds at epoch.ncsc.mil>
National Security Agency
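
An added example, not part of the original message or of any SELinux tool: a filter for the "only authorize them for user_r" case discussed above, which reads just the login name and UID from passwd-format map lines and never takes a role from the input. The function name, the name pattern, `LOCAL_IDENTITIES`, `MIN_UID` and the sample lines are assumptions made for illustration; the emitted `user NAME roles { user_r };` lines follow the statement form used in the policy's users file.

```python
import re

# Assumptions (not from the thread): identities the local policy already
# defines, a conservative login-name pattern, and the first ordinary UID.
LOCAL_IDENTITIES = {"root", "system_u", "user_u"}
NAME_RE = re.compile(r"[a-z][a-z0-9_]{0,31}")
UID_RE = re.compile(r"[0-9]{1,9}")
MIN_UID = 500


def user_statements(passwd_lines):
    """Return (statements, rejected) for untrusted passwd-format lines.

    Only name and UID are read; the role is fixed here, never taken from input.
    """
    statements, rejected, seen = [], [], set()
    for line in passwd_lines:
        fields = line.rstrip("\n").split(":")
        name = fields[0]
        if len(fields) != 7:
            reason = "not a 7-field passwd entry"
        elif not NAME_RE.fullmatch(name):
            reason = "login name has unexpected characters"
        elif name in LOCAL_IDENTITIES:
            reason = "identity is defined locally"
        elif not UID_RE.fullmatch(fields[2]) or int(fields[2]) < MIN_UID:
            reason = "UID is not an ordinary account"
        elif name in seen:
            reason = "duplicate login name"
        else:
            seen.add(name)
            statements.append("user %s roles { user_r };" % name)
            continue
        rejected.append((line, reason))
    return statements, rejected


# Constructed sample input in `ypcat passwd` format (not real accounts).
SAMPLE = [
    "alice:x:1001:100:Alice:/home/alice:/bin/bash",
    "root:x:0:0:root:/root:/bin/bash",
    "bob roles { sysadm_r }:x:1002:100::/home/bob:/bin/sh",
    "daemon:x:2:2::/sbin:/sbin/nologin",
    "alice:x:1003:100::/home/alice2:/bin/bash",
]

if __name__ == "__main__":
    ok, bad = user_statements(SAMPLE)
    print("\n".join(ok + ["# rejected (%s): %r" % (r, l) for l, r in bad]))
```

This bounds what a compromised or spoofed map can do to adding ordinary user_r identities; it does not authenticate the map, and it does not address whether crond is authorized to reload the policy.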




More information about the fedora-selinux-list mailing list