From: russell@coker.com.au (Russell Coker) Date: Sat, 27 Sep 2008 06:30:12 +1000 Subject: [refpolicy] useradd/passwd patch In-Reply-To: <48DCD955.8080409@redhat.com> References: <48DAB33E.3030209@kutulu.org> <200809260657.50453.russell@coker.com.au> <48DCD955.8080409@redhat.com> Message-ID: <200809270630.14095.russell@coker.com.au> To: refpolicy@oss.tresys.com List-Id: refpolicy.oss.tresys.com On Friday 26 September 2008 22:45, Daniel J Walsh wrote: > > It might make some sense to only check the password in one way (IE call > > the executable even when running as root without SE Linux) as it's not > > something that happens often enough to cause performance. But in that > > case I think that the suitably privileged domains should be permitted to > > execute unix_chkpwd in the same domain. > > And how is this more or less secure? Having only one code path to audit can only be a win for security. If a domain is permitted to write to shadow_t then having unix_chkpwd executed in the same domain doesn't make any difference to security but will reduce the size of the policy a little. -- russell at coker.com.au http://etbe.coker.com.au/ My Blog http://www.coker.com.au/sponsorship.html Sponsoring Free Software development