From: russell@coker.com.au (Russell Coker)
Date: Tue, 9 Mar 2010 13:14:02 +1100
Subject: [refpolicy] user vs unconfined
Message-ID: <201003091314.03493.russell@coker.com.au>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

Why do unconfined_t and user_t use the same file types for almost everything in the latest policy?

This means that if an unconfined user has bad Unix permissions on their home directory then user_t can replace a file that will be executed and therefore gain unconfined_t access. So is there any benefit in using user_t in such a scheme?

If there isn't a benefit, and as almost all users of the Fedora policy will only use unconfined_t for user sessions it seems that the thing to do would be to restore the previous separation of user_t, staff_t, sysadm_t, and unconfined_t for those who need it as it won't actually affect the Fedora users.

Or of course I could just maintain a private fork of the policy for Debian. Since 2002 the Debian policy has denied root:user_r:user_t the ability to take over the system and I plan to keep it that way.

-- 
russell at coker.com.au
http://etbe.coker.com.au/ My Main Blog
http://doc.coker.com.au/ My Documents Blog
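
Added example (not part of the original message or of refpolicy): when the file types are shared, Unix permissions are the only remaining barrier, so this audit sketch lists the entries under a home directory that another account could modify or replace. The function name `replaceable_entries` is hypothetical, and the check looks at mode bits only, ignoring ACLs, group membership and SELinux labels.

```python
import os
import stat
import sys

# Write permission granted to anyone other than the owner.
WRITE_BY_OTHERS = stat.S_IWGRP | stat.S_IWOTH


def replaceable_entries(home):
    """Return (path, reason) pairs for entries under `home` that a different
    Unix account could modify or replace, judged by mode bits alone."""
    findings = []
    for dirpath, _dirnames, filenames in os.walk(home):
        dmode = os.lstat(dirpath).st_mode
        dir_writable = bool(dmode & WRITE_BY_OTHERS)
        # Write access to a directory allows unlinking and recreating the
        # files in it, whatever the files' own modes are, unless the sticky
        # bit limits deletion to each file's owner.
        dir_open = dir_writable and not (dmode & stat.S_ISVTX)
        if dir_writable:
            # Even with the sticky bit, new files can still be created here.
            findings.append((dirpath, "directory writable by group/other"))
        for name in filenames:
            path = os.path.join(dirpath, name)
            st = os.lstat(path)
            if not stat.S_ISREG(st.st_mode):
                continue  # skip symlinks, sockets, FIFOs
            if st.st_mode & WRITE_BY_OTHERS:
                findings.append((path, "file writable by group/other"))
            elif dir_open:
                findings.append((path, "replaceable via writable directory"))
    return findings


if __name__ == "__main__":
    # Usage: python audit_home.py /home/someuser  (path is an assumption)
    for path, reason in replaceable_entries(sys.argv[1]):
        print(f"{reason}: {path}")
```
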