Jesse Keating wrote:
On Wednesday 07 April 2004 13:42, Richard Hally wrote:
>My first guess was that it was provided by anaconda 'cause supposedly
>you only get it if you do an install (rather than upgrade) but doing
>rpm -q --filesbypkg of anaconda does not show it. It looks to me like
>it is a back door to turn off SELinux on an unsuspecting sysadmin.
>Richard Hally
>
>
Files created by %post scripts of rpms, or by the installer, don't
usually get "owned" by any particular package.
Which could be considered a "security problem". Some hardheaded security
administrators don't like "unaccounted for" files on their systems.
If you have somebody on the system that can write to your
/etc/sysconfig/selinux file while you have SELinux on and enabled, then
it's time to review your SELinux rule set and who you're handing root
accounts out to.
Rpm can put files just about anywhere. The installer (anaconda) is a
corner case but rpm certainly could be a method of attack and as you
say rpm doesn't always account for a package's files. Looks like a
trojaned rpm would work and be difficult to spot.
Richard Hally
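
Files written by %post scriptlets or by the installer are absent from the rpm database, so `rpm -V` has nothing to verify them against. The sketch below is an added example, not part of the original thread: it lists files that no package owns and keeps a SHA-256 baseline of them so later changes show up. The function names are hypothetical, and the owned-path list is assumed to come from `rpm -qa --list`.

```shell
#!/bin/sh
# Added example (not from the thread). Function names are hypothetical.
# On a live system, build the owned-path list first (assumption):
#   rpm -qa --list > /root/owned.txt

# unowned_files OWNED_LIST DIR...
# Prints every regular file under DIR that is not named in OWNED_LIST.
# Non-path lines such as "(contains no files)" are harmless: they never match.
unowned_files() {
    owned_list=$1; shift
    tmp=$(mktemp -d) || return 1
    # comm needs both inputs sorted in the same collation order.
    LC_ALL=C sort -u "$owned_list" > "$tmp/owned"
    find "$@" -xdev -type f -print | LC_ALL=C sort -u > "$tmp/found"
    LC_ALL=C comm -13 "$tmp/owned" "$tmp/found"
    rm -rf "$tmp"
}

# write_baseline OWNED_LIST BASELINE DIR...
# Records a SHA-256 for each unowned file, since rpm holds no digest for them.
write_baseline() {
    owned_list=$1; baseline=$2; shift 2
    unowned_files "$owned_list" "$@" | while IFS= read -r f; do
        sha256sum "$f"
    done > "$baseline"
}

# check_baseline BASELINE
# Prints "path: FAILED" for each changed or missing file.
# Returns 0 when nothing changed, 1 otherwise.
check_baseline() {
    ! LC_ALL=C sha256sum -c "$1" 2>/dev/null | grep -v ': OK$'
}
```

Keep the baseline file somewhere the audited host cannot write to, otherwise whoever edits an unowned file can refresh its digest as well.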