User: Password:
|
|
Subscribe / Log in / New account

Shadow hardening

Shadow hardening

Posted Mar 23, 2012 13:09 UTC (Fri) by dpquigl (guest, #52852)
In reply to: Shadow hardening by phajdan.jr
Parent article: Shadow hardening

I'd recommend joining the SELinux mailing list at http://www.nsa.gov/research/selinux/list.shtml. I'm sure you will find people to help with both 1 and 2. I'm not sure of shadow utils is currently SELinux aware or not. It might be because there was no way of writing different type transition rules for two files in the same directory created by the same process. Eric Paris I believe fixed this by making type transitions optionally take a name as their last component. In newer versions of SELinux we should be able to use that to do all this work in policy. I also think that even that might not be needed. If I understand things properly this stores the new shadow information under its own directory right? We can label that parent directory properly and any directories under it and files created under those should have the right contexts.


(Log in to post comments)


Copyright © 2017, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds