[redhat-lspp] /home at SystemHigh
Daniel J Walsh
dwalsh at redhat.com
Fri Feb 24 18:02:54 UTC 2006
Klaus Weidner wrote:
> On Fri, Feb 24, 2006 at 10:32:52AM -0600, LC Bruzenak wrote:
>
>> If you wouldn't mind too much, can someone briefly explain what you mean
>> by "to prevent leaks"?
>>
>
> Something like the following sequence:
>
> - sysadmin starts adding user Joe
>
> - The new /home/joe/ starts out at SystemHigh
>
> - some other process puts a secret file into /home/joe/unimportant.txt
>
> - the final useradd step, or a later sysadmin action, downgrades
> /home/joe/ recursively to SystemLow, including the formerly top secret
> file
>
> -Klaus
>
On an SELinux box, /home/joe will never be at SystemHigh. It will
start out at SystemLow because of transition rules, so I don't think
this is a problem.
Dan
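
The sequence Klaus describes can be turned into a check that runs before a recursive downgrade. This is an added example, not part of the original thread. It assumes SELinux MLS contexts of the form user:role:type:level, with SystemLow as s0 and SystemHigh as s15:c0.c1023; the listing format and the function names are hypothetical.

```python
# Added example: SELinux MLS label audit before a recursive downgrade.
# Assumptions: contexts are user:role:type:level; SystemLow is s0 and
# SystemHigh is s15:c0.c1023; the listing below is constructed sample data.

def parse_level(level):
    """Parse one MLS level such as 's15:c0.c1023' into (sensitivity, categories)."""
    sens, _, cats = level.partition(":")
    categories = set()
    for part in filter(None, cats.split(",")):
        lo, _, hi = part.partition(".")          # 'c0.c1023' is an inclusive run
        first = int(lo[1:])
        last = int(hi[1:]) if hi else first
        categories.update(range(first, last + 1))
    return int(sens[1:]), categories

def level_of(context):
    """Level from a full context; for a range take the high end (conservative)."""
    return parse_level(context.split(":", 3)[3].split("-")[-1])

def dominates(a, b):
    """True if level a is at least as sensitive as b and holds all of b's categories."""
    return a[0] >= b[0] and a[1] >= b[1]

def leaked_by_relabel(listing, root, target_level):
    """Paths under root whose current level the target level does not dominate."""
    target = parse_level(target_level)
    leaked = []
    for line in listing.splitlines():
        if not line.strip():
            continue
        context, path = line.split(None, 1)
        if path == root:                          # downgrading root itself is the intent
            continue
        if not dominates(target, level_of(context)):
            leaked.append(path)
    return leaked

SAMPLE_LISTING = """\
user_u:object_r:user_home_dir_t:s15:c0.c1023 /home/joe
user_u:object_r:user_home_t:s0 /home/joe/.bashrc
user_u:object_r:user_home_t:s15:c0.c1023 /home/joe/unimportant.txt
"""

if __name__ == "__main__":
    for path in leaked_by_relabel(SAMPLE_LISTING, "/home/joe", "s0"):
        print("would be downgraded:", path)
```

A non-empty result means the recursive relabel would lower the level of data that was written at a higher level, which is the leak in question.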