SELinux Mailing List

Re: new LSM ver

From: Timothy Wood <timothy_at_hallcomp.com>
Date: 08 Jul 2002 11:19:55 -0400


On Mon, 08.07.2002, at 10:39, Stephen Smalley wrote:
>
> On 8 Jul 2002, Timothy Wood wrote:
>
> > So what is going to be done about root permissions and such since you
> > are restricting them now? I mean there are just some things you have to
> > be root and have root permissions to run. Are you rewriting everything
> > to run based on security context instead of user? That would be ideal,
> > no I take that back, that would be awesome if things would run based on
> > security context of the user running them. Then you could get rid of
> > root altogether.
> >
> > Anywho (sorry for the rant) a really good/simple example of the new
> > default context is this. Let's say you want to add a new user... oh
> > wait, you can't! Why? No one but root can do this and now, not even
> > root can't do it. Did a primary service, such as named, bail out for
> > some reason? Too bad! You do not have any way to restart it except by
> > rebooting the server. Same reason, root only.
> >
> > But don't get me wrong. Getting rid of root is a good idea but it's too
> > early in the game to make changes like this. It pretty much breaks the
> > system in enforcing mode.
>
> I think you've misunderstood what we've done. We have merely changed the
> default login context for root to the user_r role, and prohibited direct
> ssh logins in the sysadm_r role. For administration, you can still login
> as yourself, run newrole to change to sysadm_r, and run su to obtain the
> Linux root user identity. Or, you can login as root if you permit direct
> root logins and then run newrole to change to sysadm_r.
>
> The change simply ensures that a vulnerability in sshd does not open a
> direct path to sysadm_r. The attacker will not be able to reach sysadm_r
> without authenticating to newrole.

This is true. You can also merely change the context when you log in (if you log in as root). I suppose I jumped the gun a little there, however I do like the idea of severely restricting root or removing root altogether. Would I be correct in that pretty much everything would have to be rewritten if this were to be accomplished (the removal of root, that is)?

Timothy,

Received on Mon 8 Jul 2002 - 11:29:37 EDT
 

Date Posted: Jan 15, 2009 | Last Modified: Jan 15, 2009 | Last Reviewed: Jan 15, 2009

 

National Security Agency / Central Security Service