From: russell@coker.com.au (Russell Coker) Date: Thu, 27 Apr 2017 03:23:25 +1000 Subject: [refpolicy] [PATCH v2] locallogin: fix the sulogin submodule (emergency shell!) In-Reply-To: References: <1492802281.4493.1.camel@trentalancia.net> <201704270220.27679.russell@coker.com.au> Message-ID: <201704270323.25612.russell@coker.com.au> To: refpolicy@oss.tresys.com List-Id: refpolicy.oss.tresys.com On Thu, 27 Apr 2017 02:32:05 AM Guido Trentalancia via refpolicy wrote: > Unfortunately, your sulogin patch didn't work, so it was not just a matter > of unneeded permissions! > > You can check by yourself that it was missing critical permissions while > granting unneeded ones... It worked for me last time I tested it on Debian. Maybe other distributions need different permissions. Maybe the Debian sulogin changed to require more permissions since the last time I tested it. But I don't submit policy based on what I imagine programs might do, it's based on what I observe them doing. > Also, I have already stressed out several times that getty should probably > run without the sys_admin capability. They didn't want to change it, I am > not going to tell that again. As the previous discussion that I linked to showed there was a situation where a character could be lost if that permission wasn't granted. I expect that getty could be changed to address that issue. But I also recall that there was another issue which I couldn't get the details of in 10 minutes of Googling. > Feel free to submit your sys_admin capability patch for getty, sulogin or > both. Consider, I have not tested other variations for sulogin, I consider > the change of minor importance compared to this patch. As I have stated several times sulogin has a sole purpose of running a shell with ultimate privileges and therefore I think that restricting it's access is futile. -- My Main Blog http://etbe.coker.com.au/ My Documents Blog http://doc.coker.com.au/