Security Enhanced Linux
SELinux Mailing List
serial devices
From: Russell Coker <russell_at_coker.com.au>
Date: Sat, 4 Oct 2003 14:20:21 +1000
The problem is that serial ports are used for modems, printers, and many other things than terminals. Currently the sample policy does not permit such access. So cups and lpd are not granted access, and if you want to run minicom you have to change the context of the device (and add new policy) or run minicom as sysadm_t.

I have been thinking of creating a new type for non-login serial devices and granting pppd, cups and lpd full access to it, then the administrator would have the option of granting users access to it for running minicom without allowing them to spoof logins.

Another possibility is to have different types for the device as used by cups, pppd, and minicom. Then change the contexts of serial devices to indicate which service they are for, but this could be painful to administer.

What do you think?
--
http://www.coker.com.au/selinux/ My NSA Security Enhanced Linux packages
http://www.coker.com.au/bonnie++/ Bonnie++ hard drive benchmark
http://www.coker.com.au/postal/ Postal SMTP/POP benchmark
http://www.coker.com.au/~russell/ My home page
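A sketch of the first option in the message above (one type for non-login serial devices), added here as an example; it is not part of the original post or of the sample policy. The type name `nonlogin_serial_device_t`, the domain names `pppd_t`, `cupsd_t`, `lpd_t` and `user_t`, the permission set, and the choice of `/dev/ttyS1` are assumptions, and it is written in the later loadable-module syntax rather than the 2003 policy sources.

```selinux
# Added example: hypothetical local policy module, not the project's own code.
module serial_nonlogin 1.0;

require {
    # Domain names assumed to exist in the base policy.
    type pppd_t;
    type cupsd_t;
    type lpd_t;
    type user_t;
    class chr_file { getattr read write ioctl lock };
}

# Hypothetical type for serial ports that never carry a login session.
# Ports used for logins keep their existing terminal type, so access to
# this type says nothing about access to a login line.
type nonlogin_serial_device_t;

# Daemons that drive modems and printers over a serial line.
allow pppd_t  nonlogin_serial_device_t:chr_file { getattr read write ioctl lock };
allow cupsd_t nonlogin_serial_device_t:chr_file { getattr read write ioctl lock };
allow lpd_t   nonlogin_serial_device_t:chr_file { getattr read write ioctl lock };

# Administrator's choice: uncomment to let ordinary users run minicom on
# these ports. Users still get no access to ports labelled for logins,
# which is what keeps them from spoofing a login prompt.
# allow user_t nonlogin_serial_device_t:chr_file { getattr read write ioctl lock };

# Matching file-context entry (goes in the file contexts configuration,
# not in this file). The port is a constructed example:
#   /dev/ttyS1  -c  system_u:object_r:nonlogin_serial_device_t
```

The second option in the message would replace the single type with one type per service and one file-context entry per port, which is where the administrative cost mentioned there comes from.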
Date Posted: Jan 15, 2009 | Last Modified: Jan 15, 2009 | Last Reviewed: Jan 15, 2009 |