selinux diversion [was Re: Usermode request: add patch enabling group membership to control auth user]
Daniel J Walsh
dwalsh at redhat.com
Fri Apr 16 16:43:32 UTC 2004
Matthew Miller wrote:
>On Fri, Apr 16, 2004 at 12:19:49PM -0400, Daniel J Walsh wrote:
>
>
>>>Yep. I'm just increasingly unsure about the implementation. If a SELinux
>>>configuration can allow a user to access things that would normally be
>>>denied by traditional Unix security, that's *crazy*.
>>>
>>>
>>No DAC is still being enforced.
>>
>>
>
>Not in usermode, apparently....
>
>
If a user is defined in the users database and is allowed to transition
to sysadm_r he will be
allowed to run usermode applications by providing his own password
instead of the root
password.
Similarly to the way sudo is used today.
This might be something we will need to turn off before we ship FC2.
Or at least make it tunable. The goal is to eliminate the need for
multiple people to have
the root password on a machine. So as we develop SELinux multiple roles
will be defined
for users will be assigned those roles. So you could end up with a
appache web manager or
a printer config manager and not have to give them root password on the
system.
Currently sysadm_r and root use the same password, so if someone has the
root password they
can still subvert the entire system.
Dan
More information about the fedora-test-list
mailing list