[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Setting loginuid

To: Steve G <linux_4ever@xxxxxxxxx>, selinux@xxxxxxxxxxxxx
Subject: Re: Setting loginuid
From: Casey Schaufler <casey@xxxxxxxxxxxxxxxx>
Date: Tue, 15 Feb 2005 08:27:04 -0800 (PST)
In-reply-to: <20050215155312.45937.qmail@xxxxxxxxxxxxxxxxxxxxxxx>
Sender: owner-selinux@xxxxxxxxxxxxx

--- Steve G <linux_4ever@xxxxxxxxx> wrote:

> 2) patch all entry point programs to explicitly set
> the loginuid after the fork.
> This keep the parent process clean, but creates a
> lot of patches (20 - 30
> programs).

Some programs that use PAM, including su, are
not login sessions and hence must not set the
loginuid. Because the definition of a login
session is less clear than it might be I
suggest that the individual programs will have
to be responsible for determining if the
loginuid should be set. There are also programs,
cron comes to mind, that do not use pam (does it?)
that do create login sessions.

=====
Casey Schaufler
casey@xxxxxxxxxxxxxxxx

__________________________________ 
Do you Yahoo!? 
The all-new My Yahoo! - Get yours free! 
http://my.yahoo.com 

--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@xxxxxxxxxxxxx with
the words "unsubscribe selinux" without quotes as the message.

Follow-Ups:
- Re: Setting loginuid
  - From: Stephen Smalley

References:
- Setting loginuid
  - From: Steve G

Prev by Date: Determining if SELinux is installed
Next by Date: Re: Setting loginuid
Previous by thread: Setting loginuid
Next by thread: Re: Setting loginuid
Index(es):
- Date
- Thread

This mailing list archive is a service of Copilot Consulting.