how does rpm work under Selinux

Ivan Gyurdiev ivg2 at cornell.edu
Wed Jun 1 02:38:12 UTC 2005


On Tue, 2005-05-31 at 22:20 -0400, Ivan Gyurdiev wrote:
> On Wed, 2005-06-01 at 04:01 +0200, Rudi Chiarito wrote:
> > 
> > No matter how tempting, that also sounds like a perfect way for a rogue
> > package to subvert the whole SELinux scheme, overriding the
> > preinstalled policy, right?
> 
> Actually, I think all a rogue package has to do to subvert the SELinux
> scheme is to install itself where the regexps expect, and it will get
> labeled as a privileged process. 
> 
> It's certainly possible to restrict rpm on a SELinux system. I believe
> the current policy prevents it from writing to /etc/shadow, unless a
> tunable is on.
> 
> On the other hand I am suspicious whether this protection works at all -
> it probably allows the rpm to install an executable over an auth_write
> binary, at which point it can just install a hostile executable there,
> and the battle is lost.
> 
> I could be wrong though - I hadn't looked at the rpm policy until now...

...but that's why we import gpg keys and do rpm verification, right?

-- 
Ivan Gyurdiev <ivg2 at cornell.edu>
Cornell University
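
The following is an added example, not part of the original thread and not code from rpm or the SELinux project. It sketches a pre-install check for the path-based labeling described in the quoted message: given a package's file list, report which paths would receive a sensitive type. The spec lines, the set of sensitive types and the file list are constructed, and the lookup is simplified to "last matching regexp wins".

```python
import re

# Constructed sample in file_contexts syntax: path regexp, optional file-type
# flag, context. Not copied from any shipped policy.
SAMPLE_FILE_CONTEXTS = """\
# regexp                flag  context
/.*                           system_u:object_r:default_t
/usr(/.*)?                    system_u:object_r:usr_t
/usr/bin(/.*)?                system_u:object_r:bin_t
/usr/sbin(/.*)?               system_u:object_r:sbin_t
/usr/bin/passwd         --    system_u:object_r:passwd_exec_t
/usr/sbin/sshd          --    system_u:object_r:sshd_exec_t
/etc/shadow.*           --    system_u:object_r:shadow_t
"""

# Assumption: the types a reviewer treats as privileged entry points or secrets.
SENSITIVE_TYPES = {"passwd_exec_t", "sshd_exec_t", "shadow_t"}

# Constructed file list, one path per line as `rpm -qlp package.rpm` prints it.
SAMPLE_PACKAGE_FILES = ["/usr/bin/frobnicate", "/usr/sbin/sshd",
                        "/usr/share/doc/frob/README"]

def parse_file_contexts(text):
    """Return [(compiled_regexp, context)] in file order, skipping comments."""
    specs = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split()
        # With three fields the middle one is a file-type flag such as "--";
        # this example ignores it and keeps only the regexp and the context.
        specs.append((re.compile(fields[0]), fields[-1]))
    return specs

def label_for(path, specs):
    """Simplified lookup: the last spec whose regexp matches the whole path wins."""
    for regexp, context in reversed(specs):
        if regexp.fullmatch(path):
            return context
    return None

def sensitive_paths(paths, specs, sensitive=SENSITIVE_TYPES):
    """Map each path that would be labeled with a sensitive type to that type."""
    hits = {}
    for path in paths:
        context = label_for(path, specs)
        ftype = context.split(":")[2] if context else None
        if ftype in sensitive:
            hits[path] = ftype
    return hits
```

Any path reported by `sensitive_paths` is one where the label comes from the install location alone, so the package's origin and signature deserve review before it is installed.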
