From: Carsten Grohmann <carsten.grohmann@raumbildsysteme.de>
To: russell@coker.com.au, SE Linux <selinux@tycho.nsa.gov>
Subject: Re: trusted vs untrusted packages
Date: Tue, 14 Oct 2003 13:33:39 +0200
Message-ID: <200310141333.39662.carsten.grohmann@raumbildsysteme.de>
In-Reply-To: <200310141107.53852.russell@coker.com.au>

I think the idea of signed rpms is good and useful. 

> RPMs can be signed or unsigned.  If an RPM is signed by a trusted
> organization then there should be some differences in an SE Linux
> install than if it is not signed or if we don't trust the signer.

Whom should we trust? The people of the personal web of trust?

> One idea is to have signed packages be installed by rpm running
> as rpm_t and unsigned packages be installed by rpm running as
> rpm_unsigned_t [1].  So for example we could allow rpm_unsigned_t
> to install files in /sbin as sbin_unsigned_t and in /bin as
> bin_unsigned_t [2].  Then a program installed from an untrusted
> package can't be run from sysadm_t, and if it's run from other
> trusted domains (EG part of the mail server) then it could
> trigger an automatic domain transition to an appropriate domain.

I'm not sure about this idea, because it is necessary to patch rpm,
and most rpms I've seen create the file context during the
post-install sequence using chcon. On the other hand, we have more
secure packages with a (little bit) more complex policy.

What about Debian packages? Would you sign these too and adapt the
package tools to handle the file context?


