Recent Features
| |||||||||||||
ComplexityComplexityPosted Sep 23, 2004 16:24 UTC (Thu) by walters (subscriber, #7396)In reply to: Complexity by mmarsh Parent article: An introduction to SELinux
The files ultimately still need to have types assigned to them. No compiler can figure out what a program is actually doing with all of its files and figure out the best way to assign types to the files in order to achieve least privilege. Having a tool that looked at the file paths the application referenced and guesses types for them while constructing a policy would be somewhat useful. But it would be no substitute for a human. In a number of cases, SELinux has revealed application bugs like the kerberos libraries trying to open /etc/krb5.conf with write permissions.
(Log in to post comments)
Complexity Posted Sep 23, 2004 17:09 UTC (Thu) by mmarsh (subscriber, #17029) [Link] That's not how I read the comment, but then I'm also not familiar with SELinux, so this may just be an incorrect reading. My impression was that Rich wanted to assign a type to a file by name and let the rules compiler figure out what the actual object is.
After poking through the documentation, it looks like I might just have been off. There are examples of specifying objects by path, and wildcards to assign a type to everything not otherwise specified.
Complexity Posted Sep 23, 2004 19:14 UTC (Thu) by walters (subscriber, #7396) [Link] Oh, I guess I misunderstood what you were saying. There is a mapping from file names to contexts that SELinux uses to initialize the system. Defining this mapping is part of writing a security policy for a program. However Rich and elanthis seemed to want to do away with types entirely and have them somehow automagically created; that doesn't make sense.
|
|||||||||||||