On Tue, Mar 25, 2008 at 10:51:54AM +1100, [EMAIL PROTECTED] wrote:
> 
> The following patch makes the SE Linux tests more strict, when the real UID
> (the return value of getuid()) is 0 SE Linux checks will be performed.
> 
> With this patch if you are running the Strict SE Linux policy a shell user
> who gains UID==0 (EG by exploiting a SUID root binary) can't change the root
> password.  With SE Linux Strict policy a user who has UID==0 and the role
> user_r can do little damage to the system.

Thanks for the patch. I will commit it for 4.1.1.

> I'll send a patch for unstable shortly (this patch may work with unstable
> but I haven't had a chance to test it).

That is not necessary. The patch is clear, and I will port it to 4.1.1.

Is this something that should be also applied to the other tools of the
shadow toolsuite?

(usermod, userdel, newusers, chpasswd could all be used to change the
user's password; chage, or chfn could also do some harm by locking the
account, the password or some logins (but I don't know if root would be
affected))

Just to understand a bit more SE Linux, why don't you want to protect against
changes to non-root accounts?
(If I understand correctly, an extra command is needed to get the user_r
role, and you don't want to force admins to use this command for every
changes, only the ones which may endanger the system. Is that right?)

Best Regards,
-- 
Nekral



-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Reply via email to