[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: sshd transition points

To: Luke Kenneth Casson Leighton <lkcl@xxxxxxxx>
Subject: Re: sshd transition points
From: Stephen Smalley <sds@xxxxxxxxxxxxxx>
Date: Tue, 15 Feb 2005 13:14:53 -0500
Cc: SE-Linux <selinux@xxxxxxxxxxxxx>
In-reply-to: <20050215155323.GC23765@xxxxxxxx>
Organization: National Security Agency
References: <20050215155323.GC23765@xxxxxxxx>
Sender: owner-selinux@xxxxxxxxxxxxx

On Tue, 2005-02-15 at 10:53, Luke Kenneth Casson Leighton wrote:
> so basically, my question boils down to this:
> 
> * _should_ sshd, after a fork, be still running in sshd_t?

I'm not sure I follow your posting.  Transitions normally only occur
upon execve.  sshd should transition upon executing the shell, of
course.  IIRC, there is an issue with regard to SELinux not being able
to fully leverage the privilege separation support in sshd since that
requires dynamic transitions.  Of course, since dynamic transition
support now exists, someone could look into changing sshd to use it for
finer-grained privilege bracketing.

-- 
Stephen Smalley <sds@xxxxxxxxxxxxxx>
National Security Agency

--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@xxxxxxxxxxxxx with
the words "unsubscribe selinux" without quotes as the message.

Follow-Ups:
- Re: sshd transition points
  - From: Luke Kenneth Casson Leighton

References:
- sshd transition points
  - From: Luke Kenneth Casson Leighton

Prev by Date: Re: Determining if SELinux is installed
Next by Date: Re: Determining if SELinux is installed
Previous by thread: Re: Adding libseuser functionality to libselinux?
Next by thread: Re: sshd transition points
Index(es):
- Date
- Thread

This mailing list archive is a service of Copilot Consulting.