From: russell@coker.com.au (Russell Coker)
Date: Sat, 27 Sep 2008 06:30:12 +1000
Subject: [refpolicy] useradd/passwd patch
In-Reply-To: <48DCD955.8080409@redhat.com>
References: <48DAB33E.3030209@kutulu.org>
	<200809260657.50453.russell@coker.com.au>
	<48DCD955.8080409@redhat.com>
Message-ID: <200809270630.14095.russell@coker.com.au>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

On Friday 26 September 2008 22:45, Daniel J Walsh <dwalsh@redhat.com> wrote:
> > It might make some sense to only check the password in one way (IE call
> > the executable even when running as root without SE Linux) as it's not
> > something that happens often enough to cause performance.  But in that
> > case I think that the suitably privileged domains should be permitted to
> > execute unix_chkpwd in the same domain.
>
> And how is this more or less secure?

Having only one code path to audit can only be a win for security.

If a domain is permitted to write to shadow_t then having unix_chkpwd executed 
in the same domain doesn't make any difference to security but will reduce 
the size of the policy a little.

-- 
russell at coker.com.au
http://etbe.coker.com.au/          My Blog

http://www.coker.com.au/sponsorship.html Sponsoring Free Software development