SELinux and the Desktop
Charles R. Anderson
cra at WPI.EDU
Wed Oct 13 02:51:14 UTC 2004
On Tue, Oct 12, 2004 at 08:14:16PM -0500, Jerry Haltom wrote:
> The daemon realizes that the action isn't allowed, but that it could be
> allowed if the user consents to it, so the daemon pops up on the user's
> desktop a nice dialog box, "The application Blah has attempted to
> access the file /tmp/contact-socket (or whatever). Do you want to allow
> this action?" Most likely this dialog would ask for the user's
> password again. Upon receiving a "Yes", SELinux would be instructed to
> allow the program to access the socket. If the user presses Yes, the
> process ceases being blocked, and goes on. In the case of No, the
> process will probably die. ;0
[...]
> What this does is let users do what they will do anyways: run the
> program. You won't stop them, I won't stop them, and we probably
> shouldn't. We should make it so they CAN without risk to their systems.

What's to stop a user from always clicking "Yes"? What makes you
think that those same users who download/open attachments that are
executables without thinking/understanding the consequences will be
any smarter when they are asked whether or not to allow a program to
perform some obscure system internal function that they have even less
of a chance of understanding?

I don't think it is advantageous to give the user choices they don't
have any chance of understanding. The current Fedora strict SELinux
policy already restricts some network-facing desktop applications,
such as Mozilla.