SELinux Mailing List

Re: launching apps at level (MLS) and polyinstantiation

From: Stephen Smalley <sds_at_tycho.nsa.gov>
Date: Tue, 08 May 2007 13:54:39 -0400


On Thu, 2007-05-03 at 16:09 -0500, Darrel Goeddel wrote:
> Stephen Smalley wrote:
> > How about the revised patch below (only including the newrole.c and
> > Makefile diffs since the hashtab code is unchanged)? The changes from
> > your patch are:
> > - Make sure everything is properly enabled/disabled by USE_PAM and move
> > the code into the existing USE_PAM block where appropriate.
> > - Call the config file newrole_pam.conf since there could be other
> > newrole config files in the future.
> > - Distinguish missing config file (ok) from errors during parsing of the
> > config file (should abort).
> > - Remove the Authenticating <username> message since it could be
> > confusing in the case where you are using a pam config that doesn't
> > require it and it doesn't really provide any benefit.
> > - Improve error checking and handling.
> > - Coding style cleanups (indentation, comment style, etc).
> >
> > To test, I created a /etc/pam.d/newrole-noauth config that had
> > pam_permit.so for its auth module and created
> > a /etc/selinux/newrole_pam.conf that mapped one program to
> > newrole-noauth.
> >
> > The alternative model would be to eliminate /etc/selinux/newrole_pam.conf
> > entirely from the equation, and just have newrole look for (test via
> > access()) a /etc/pam.d/newrole_<appname> config and use
> > newrole_<appname> as the service name if present.
>
> I like this idea. I haven't had a chance to test this yet, but it looks
> to be assuming that the arg to -c is just the command name without any
> path info. Should we strip that down to its basename in case someone runs
> 'newrole -l secret -c /usr/bin/foo' as opposed to 'newrole -l secret -c foo'?

Actually, on second thought, do we really want that behavior? IOW, if I specify "/usr/bin/foo newrole-noauth" in my /etc/selinux/newrole_pam.conf, then I want "newrole -l s1 -- -c /usr/bin/foo" to use /etc/pam.d/newrole-noauth. But I don't want the caller to be able to do "newrole -l s1 -- -c ./foo" and get the same effect.

-- 
Stephen Smalley
National Security Agency


Received on Tue 8 May 2007 - 13:54:47 EDT
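
The two lookups discussed in this message, exact path match versus matching after stripping to the basename, as an added example that is not part of the original post and is not newrole's code. The config contents, the function name pam_service_for and the fallback service name "newrole" are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Constructed config in the "<command> <pam service>" form quoted above. */
static const char SAMPLE_CONF[] =
    "# command        pam service\n"
    "/usr/bin/foo     newrole-noauth\n";
#define DEFAULT_SERVICE "newrole" /* assumed fallback service name */

static const char *last_component(const char *path)
{
    const char *slash = strrchr(path, '/');
    return slash ? slash + 1 : path;
}

/* Hypothetical helper: look up cmd (the -c argument) in SAMPLE_CONF.
 * strip_path != 0 compares basenames only; 0 requires the exact path.
 * Writes the chosen service into out; returns 1 if an entry matched. */
int pam_service_for(const char *cmd, int strip_path, char *out, size_t outlen)
{
    const char *line = SAMPLE_CONF;
    char buf[512], path[256], service[64];

    snprintf(out, outlen, "%s", DEFAULT_SERVICE);
    while (*line) {
        size_t len = strcspn(line, "\n");
        /* Copy one line so sscanf cannot read into the next entry. */
        snprintf(buf, sizeof(buf), "%.*s", (int)len, line);
        if (buf[0] != '#' && sscanf(buf, "%255s %63s", path, service) == 2) {
            const char *want = strip_path ? last_component(path) : path;
            const char *have = strip_path ? last_component(cmd) : cmd;
            if (strcmp(want, have) == 0) {
                snprintf(out, outlen, "%s", service);
                return 1;
            }
        }
        line += len + (line[len] == '\n');
    }
    return 0;
}

int main(void)
{
    const char *cmds[] = { "/usr/bin/foo", "./foo" };
    char svc[64];
    for (int strip = 0; strip < 2; strip++)
        for (int i = 0; i < 2; i++) {
            pam_service_for(cmds[i], strip, svc, sizeof(svc));
            printf("%-8s %-13s -> %s\n", strip ? "basename" : "exact", cmds[i], svc);
        }
    return 0;
}
```

With exact matching only the configured /usr/bin/foo selects newrole-noauth; with basename matching, ./foo selects it as well, which is the effect the message says the caller should not be able to get.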
 
