Michael Wiktowy wrote:
On 4/2/06, Craig White <craigwhite@xxxxxxxxxxx> wrote:
On Sun, 2006-04-02 at 09:31 +0200, A.J. Bonnema wrote:
Michael Wiktowy wrote:
I just fixed my problem with
chcon -t texrel_shlib_t /usr/lib/libsipphoneapi.so.0.78.20060211
I am not exactly sure what that does though.
Craig,
I wonder how many people do these statements without understanding the
implications? How secure would that be?
----
I see your point and agree with it except that you can consider...
the target is /usr/lib/libsippphoneapi.so...
so the adjustment is made to one specific file for one specific purpose
and the whole of selinux remains intact beyond that. That is
significant.
All this conversation is starting to make me feel a little bit like a
lab-rat ;]
Beyond all the philosophical design considerations and discoverability
issues, did I do "The Right Thing" here? Also, could someone explain what
the textrel_shlib_t context implies over the original lib_t or point me
somewhere that does so clearly?
A reasonable starting point is the "Additional Security Access Checks"
section here:
http://fedoraproject.org/wiki/SELinux/FC5Features
The link to Ulrich Drepper's article there explains the technicalities.
Paul.