Security Enhanced Linux
What's New
Frequently Asked Questions
Background
Documents
License
Download
Participating
Mail List
Archives
Remaining Work
Contributors
Related Work
Press Releases
Information Assurance Research
NIARL In-house Research Areas
Mathematical Sciences Program
Sabbaticals
Computer & Information Sciences Research
Technology Transfer
Advanced Computing
Advanced Mathematics
Communications & Networking
Information Processing
Microelectronics
Other Technologies
Technology Fact Sheets
Publications
Related Links
|
SELinux Mailing List(no subject)
From: Russell Coker <russell_at_coker.com.au>
Date: Sun, 24 Feb 2002 04:49:56 +0100
In domains/system/initrc.te I put the following: domain_auto_trans(initrc_t, nscd_exec_t, nscd_t) I put the following in file_contexts: /usr/sbin/nscd system_u:object_r:nscd_exec_t I have attached my nscd.te file. I believe that the recent versions of nscd (and the matching library code in libc6) doesn't attempt to cache /etc/shadow data. If this isn't the case then it's a security issue which would have to be corrected on an SE system (or else nscd should not be run). I have to check this (don't have access to the source right now). In a typical setup of nscd you will have a somewhat slow source of password data (LDAP or a SQL database) and the nscd will cache lookups so that "ls -l /tmp" doesn't take all day. -- Signatures >4 lines are rude. If you send email to me or to a mailing list that I am subscribed to which has >4 lines of legalistic junk at the end then you are specifically authorizing me to do whatever I wish with the message (the sig won't be read).Received on Sun 24 Feb 2002 - 07:37:25 EST |
|
Date Posted: Jan 15, 2009 | Last Modified: Jan 15, 2009 | Last Reviewed: Jan 15, 2009 |