SELinux Mailing List

Re: Today's diffs
From: Russell Coker <russell_at_coker.com.au>
Date: Sat, 2 Oct 2004 02:36:22 +1000
That turned out to be a bug in sendmail.fc. I have attached a patch which fixes sendmail.fc and also removes the unnecessary rules from sendmail.te.
> >Also you have put in comments indicating that several programs have been

You missed the bit about SSP.
> >+allow udev_t domain:dir r_dir_perms;

OK, then probably we want a dontaudit rule.
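Review bot: `domain` in the quoted `allow udev_t domain:dir r_dir_perms;` line is the attribute carried by every process type, so the rule gives udev_t read and search on the per-process directories of every domain on the system rather than a named few. If the access is not actually required, `dontaudit udev_t domain:dir r_dir_perms;` silences the denials without granting anything; if udev does need particular processes, name those types and record the reason in a comment next to the rule.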
> >+/usr/bin/chage -- system_u:object_r:passwd_exec_t

OK, we need to patch chage in the same way as passwd then. We don't want to permit root:user_r:user_t to invalidate accounts.
> >--- nsapolicy/macros/global_macros.te 2004-09-22 16:19:13.000000000

Please give an example of a command that triggers this.
> >+allow $1_lpr_t $1_mozilla_t:tcp_socket { read write };

I can't believe that mozilla would use a TCP socket to send data to lpr. Creating a unix domain socket for it also seems to be a very odd way of doing things that is likely to cause breakage. It would either be a fifo or a temporary file. Does it work if you replace those allow rules with dontaudit rules?

-- 
http://www.coker.com.au/selinux/ My NSA Security Enhanced Linux packages
http://www.coker.com.au/bonnie++/ Bonnie++ hard drive benchmark
http://www.coker.com.au/postal/ Postal SMTP/POP benchmark
http://www.coker.com.au/~russell/ My home page

Received on Fri 1 Oct 2004 - 12:36:35 EDT