From: cpebenito@tresys.com (Christopher J. PeBenito)
Date: Mon, 01 Mar 2010 08:42:05 -0500
Subject: [refpolicy] Possible regression and bug in
 userdom_base_user_template
In-Reply-To: <20100301102220.GF3990@myhost.felk.cvut.cz>
References: <20100301102220.GF3990@myhost.felk.cvut.cz>
Message-ID: <1267450925.30557.7.camel@gorn.columbia.tresys.com>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

On Mon, 2010-03-01 at 11:22 +0100, Michal Svoboda wrote:
> 
> Christopher J. PeBenito wrote:
> > The Fedora list is more appropriate for this discussion, as these rules
> > are specific to the Fedora policy.
> 
> Okay, it seems so, thanks. But the usr_t rule remains in refpolicy too.
> Is the reasoning here the same? That is
> 
> Daniel J Walsh wrote:
> >    Executing usr_t is not that big of a security risk.
> 
> ... because from the purity point of view it would seem that usr_t
> should be a label of read only, non-executable files.

In an ideal world, usr_t files would be treated as you say.  The problem
is that packages put their files all over the place (have you looked to
see what files are executable in /usr/share?).  I agree with Dan, I
don't feel its a big deal.  usr_t files should be high integrity system
files, just like bin_t files are.

-- 
Chris PeBenito
Tresys Technology, LLC
(410) 290-1411 x150