User: Password:
|
|
Subscribe / Log in / New account

Complexity

Complexity

Posted Sep 23, 2004 14:15 UTC (Thu) by mmarsh (subscriber, #17029)
In reply to: Complexity by walters
Parent article: An introduction to SELinux

I think what he meant is that you specify your rules with file paths, and the compiler figures out what device/inode that path references. The final compiled version that actually gets used doesn't have path references. Then you just have to make sure that all of your old path specifications are still correct the next time you compile.


(Log in to post comments)

Complexity

Posted Sep 23, 2004 16:24 UTC (Thu) by walters (subscriber, #7396) [Link]

The files ultimately still need to have types assigned to them. No compiler can figure out what a program is actually doing with all of its files and figure out the best way to assign types to the files in order to achieve least privilege. Having a tool that looked at the file paths the application referenced and guesses types for them while constructing a policy would be somewhat useful. But it would be no substitute for a human.

In a number of cases, SELinux has revealed application bugs like the kerberos libraries trying to open /etc/krb5.conf with write permissions.

Complexity

Posted Sep 23, 2004 17:09 UTC (Thu) by mmarsh (subscriber, #17029) [Link]

That's not how I read the comment, but then I'm also not familiar with SELinux, so this may just be an incorrect reading. My impression was that Rich wanted to assign a type to a file by name and let the rules compiler figure out what the actual object is.

After poking through the documentation, it looks like I might just have been off. There are examples of specifying objects by path, and wildcards to assign a type to everything not otherwise specified.

Complexity

Posted Sep 23, 2004 19:14 UTC (Thu) by walters (subscriber, #7396) [Link]

Oh, I guess I misunderstood what you were saying. There is a mapping from file names to contexts that SELinux uses to initialize the system. Defining this mapping is part of writing a security policy for a program.

However Rich and elanthis seemed to want to do away with types entirely and have them somehow automagically created; that doesn't make sense.


Copyright © 2017, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds