[Yum-devel] selinux and other pain

Michael Stenner mstenner at linux.duke.edu
Thu Feb 26 15:59:29 UTC 2004


On Thu, Feb 26, 2004 at 09:49:10AM -0500, seth vidal wrote:
> >   non-interacting:
> >      1) gather all the info needed for download
> >      2) fork, download, terminate child
> >      3) install
> 
> so we're passing all the password, etc info to the process? in
> environment or on the commandline? How horribly vulnerable is that?

Well, if the data exists in memory BEFORE the fork, then it will
simply exist in memory for both processes after the fork.  I'd be
shocked if this was non-safe.

A fork is not like a system call.  At the time of the fork, the
process is cloned.  The two processes are completely identical except
for process ID and the return value of the fork() command.

> >   interacting
> >      fork immediately, but have the two (or more) processes
> >      communicate.  This could be done old-school via simple socket
> >      communication, or it could be done via xmlrpc or something
> >      fancier.
> 
> xmlrpc MIGHT be safer - but I'm not sure if the two processes would be
> allowed to communicate like that in the selinux security model.

Agreed.  I would hope that socket communication would be safe, but who
knows.  Those guys are psycho.

> my problem is that it makes things such a pain in the ass for a
> questionable security savings.

Yes.  I'm approaching this not so much as "should we split it out" but
rather "if we split it out, how should we do it".  Hopefully, the
discussion will give us a better idea of the options so we can decide
if any of them are worthwhile.

					-Michael

-- 
  Michael D. Stenner                            mstenner at ece.arizona.edu
  ECE Department, the University of Arizona                 520-626-1619
  1230 E. Speedway Blvd., Tucson, AZ 85721-0104                 ECE 524G
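
The two hand-off styles discussed in this thread, as an added example that is not part of the original message and not yum code. It assumes Linux with /proc; the function names, the `DEMO_PASSWORD` variable and the sample secret are hypothetical.

```python
import hashlib
import os
import subprocess
import sys

SECRET = b"constructed-demo-password-7f3a"  # constructed sample value, not a real credential

def _read(path):
    # Returns b"" where /proc is unavailable, so the checks degrade instead of crashing.
    try:
        with open(path, "rb") as f:
            return f.read()
    except OSError:
        return b""

def fork_child_view(password: bytes) -> dict:
    """Fork with the secret already in memory; the child reports where it can see it."""
    r, w = os.pipe()
    pid = os.fork()
    if pid == 0:  # child: stands in for the download process
        try:
            os.close(r)
            flags = bytes([password in _read("/proc/self/cmdline"),   # argv as other users see it
                           password in _read("/proc/self/environ")])  # initial environment block
            # Send a digest, not the secret, to prove the child holds the same bytes.
            os.write(w, flags + hashlib.sha256(password).digest())
        finally:
            os._exit(0)  # never fall back into the parent's code path
    os.close(w)
    with os.fdopen(r, "rb") as f:
        report = f.read()
    os.waitpid(pid, 0)
    if len(report) != 34:
        raise RuntimeError("child did not report")
    return {"in_memory": report[2:] == hashlib.sha256(password).digest(),
            "in_cmdline": bool(report[0]), "in_environ": bool(report[1])}

def exec_child_view(password: bytes) -> bool:
    """Contrast: hand the secret to a newly exec'd program through its environment."""
    code = "import sys; sys.stdout.buffer.write(open('/proc/self/environ','rb').read())"
    env = dict(os.environ, DEMO_PASSWORD=password.decode())
    out = subprocess.run([sys.executable, "-c", code], env=env, capture_output=True).stdout
    return password in out  # True: the value sits in /proc/<pid>/environ for the process lifetime

if __name__ == "__main__":
    print("fork only:", fork_child_view(SECRET))
    print("exec with environment:", exec_child_view(SECRET))
```

With a plain fork the child holds the secret only in its inherited memory image, while the exec variant leaves it in `/proc/<pid>/environ`, which the same user and root can read.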


