Choosing A Webhost:
A web hosting service is a type of Internet hosting service that allows individuals and organizations to provide their own website accessible via the World Wide Web. Web hosts are companies that provide space on a server they own for use by their clients as well as providing Internet connectivity, typically in a data center. Web hosts can also provide data center space and connectivity to the Internet for servers they do not own to be located in their data center, called colocation. more...
|
Re: Bug 129584: restrictions on user_t: msg#00063
|
Subject: |
Re: Bug 129584: restrictions on user_t |
I can see this going towards three 'standard' policies: targeted,
tight and strict
(where tight is strict with usercanread 'everywhere').
In general, I'm in favor of keeping strict as it is: well defined policies for
the mandatory access controls that override the discretionary ones.
But then again, I can understand circumstances where one may want
something 'in between' targeted and strict.
Not sure how to extend this to 'group readable', though.
tom
[My guess is that when the knowledge-/comfort-level of policy
hacking is greater, this will be less of an issue.]
On Wed, 15 Sep 2004 16:46:12 -0400, Ivan Gyurdiev <ivg2@xxxxxxxxxxx> wrote:
> Bug link: https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=129584
>
> > Additional Comment #9 From Daniel Walsh (dwalsh@xxxxxxxxxx) on
> > 2004-09-15 15:55
>
> > Yes there are a lot of files that user can not access. Mainly any
> > file that has a security context associated with it and doesn't have
> > the attribute usercanread.
>
> > Again I want to bring this conversation to the public list and come to
> > concensus. We can add usercanread to these files, but the question
> > than is should a user be able to read all files even if they are world
> > readable.
>
> I don't see why not. If you think the user should not be able
> to read those files, then why aren't their permissions flags
> set accordingly? If a file was intended to be readable only
> by a certain application or only by root then it could have had
> the proper user/group/rwx flags set - this restriction could
> have been imposed without SELinux. If it is marked
> user readable then it seems to me that any user should
> be able to read it (or at least that there are no
> security reasons to deny it). So why
> does SElinux impose restrictions on user_t
> that contradict this explicit setting?
>
> --
> Ivan Gyurdiev <ivg2@xxxxxxxxxxx>
> Cornell University
>
> --
> fedora-selinux-list mailing list
> fedora-selinux-list@xxxxxxxxxx
> http://www.redhat.com/mailman/listinfo/fedora-selinux-list
>
--
Tom London
|
| |
