3:46 p.m.
Bug link: https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=129584
Additional Comment #9 From Daniel Walsh (dwalsh(a)redhat.com) on
2004-09-15 15:55
Yes there are a lot of files that user can not access. Mainly any
file that has a security context associated with it and doesn't have
the attribute usercanread.
Again I want to bring this conversation to the public list and come
to
concensus. We can add usercanread to these files, but the question
than is should a user be able to read all files even if they are world
readable.
I don't see why not. If you think the user should not be able
to read those files, then why aren't their permissions flags
set accordingly? If a file was intended to be readable only
by a certain application or only by root then it could have had
the proper user/group/rwx flags set - this restriction could
have been imposed without SELinux. If it is marked
user readable then it seems to me that any user should
be able to read it (or at least that there are no
security reasons to deny it). So why
does SElinux impose restrictions on user_t
that contradict this explicit setting?
--
Ivan Gyurdiev <ivg2(a)cornell.edu>
Cornell University
7:09 p.m.
I can see this going towards three 'standard' policies: targeted,
tight and strict
(where tight is strict with usercanread 'everywhere').
In general, I'm in favor of keeping strict as it is: well defined policies for
the mandatory access controls that override the discretionary ones.
But then again, I can understand circumstances where one may want
something 'in between' targeted and strict.
Not sure how to extend this to 'group readable', though.
tom
[My guess is that when the knowledge-/comfort-level of policy
hacking is greater, this will be less of an issue.]
On Wed, 15 Sep 2004 16:46:12 -0400, Ivan Gyurdiev <ivg2(a)cornell.edu> wrote:
Bug link:
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=129584
> Additional Comment #9 From Daniel Walsh (dwalsh(a)redhat.com) on
> 2004-09-15 15:55
> Yes there are a lot of files that user can not access. Mainly any
> file that has a security context associated with it and doesn't have
> the attribute usercanread.
> Again I want to bring this conversation to the public list and come to
> concensus. We can add usercanread to these files, but the question
> than is should a user be able to read all files even if they are world
> readable.
I don't see why not. If you think the user should not be able
to read those files, then why aren't their permissions flags
set accordingly? If a file was intended to be readable only
by a certain application or only by root then it could have had
the proper user/group/rwx flags set - this restriction could
have been imposed without SELinux. If it is marked
user readable then it seems to me that any user should
be able to read it (or at least that there are no
security reasons to deny it). So why
does SElinux impose restrictions on user_t
that contradict this explicit setting?
--
Ivan Gyurdiev <ivg2(a)cornell.edu>
Cornell University
--
fedora-selinux-list mailing list
fedora-selinux-list(a)redhat.com
http://www.redhat.com/mailman/listinfo/fedora-selinux-list
--
Tom London
5:31 a.m.
On Thu, 16 Sep 2004 10:09, Tom London <selinux(a)gmail.com> wrote:
I can see this going towards three 'standard' policies:
targeted,
tight and strict
(where tight is strict with usercanread 'everywhere').
In general, I'm in favor of keeping strict as it is: well defined policies
for the mandatory access controls that override the discretionary ones.
If you want strict with usercanread everywhere, then you probably want
targetted with more daemons having policy.
The general plan is to add more daemons to the targetted policy, so I think
that long-term anyone who wants what you refer to as "tight" would be best
served by the targetted policy.
--
http://www.coker.com.au/selinux/ My NSA Security Enhanced Linux packages
http://www.coker.com.au/bonnie++/ Bonnie++ hard drive benchmark
http://www.coker.com.au/postal/ Postal SMTP/POP benchmark
http://www.coker.com.au/~russell/ My home page
7178
days inactive
7182
days old
selinux@lists.fedoraproject.org
2 comments
3 participants
participants (3)
-
Ivan Gyurdiev -
Russell Coker -
Tom London