Bug#351631: [Pkg-shadow-devel] Bug#351631: passwd: Please compile with SE Linux support
On Tuesday 07 February 2006 16:45, Christian Perrier <[EMAIL PROTECTED]> wrote: > > Currently useradd/userdel make a SE Linux system unusable and unbootable, > > the change I request fixes that. The base functionality of /bin/passwd > > works, but it doesn't perform checks for SE Linux permission, so > > root:user_r:user_t can change passwords for any user. This is also fixed > > by the change I request. > > > > > > PS You will also need to make it build-depend on libselinux1-dev. > > Yep. That's the last point to sort as this package is not available on > the Hurd as Nicolas François pointed on IRC (#shadow on freenode). Build-depends on (libselinux1-dev | something-hurd)? > I'm very seriously considering the suggested change and I'm now in the > "only Manoj can make my mind change" mood...:-) This is a machine-killing bug for SE Linux systems, Manoj won't object. > We are about to upload a new release of shadow as soon as the current > one will have reached testing, which should happen, from memory, in 1 > day or two. I expect this new release to be built with libselinux1. Great!
Bug#351631: [Pkg-shadow-devel] Bug#351631: passwd: Please compile with SE Linux support
> Currently useradd/userdel make a SE Linux system unusable and unbootable, the > change I request fixes that. The base functionality of /bin/passwd works, > but it doesn't perform checks for SE Linux permission, so root:user_r:user_t > can change passwords for any user. This is also fixed by the change I > request. > > > PS You will also need to make it build-depend on libselinux1-dev. Yep. That's the last point to sort as this package is not available on the Hurd as Nicolas François pointed on IRC (#shadow on freenode). I'm very seriously considering the suggested change and I'm now in the "only Manoj can make my mind change" mood...:-) We are about to upload a new release of shadow as soon as the current one will have reached testing, which should happen, from memory, in 1 day or two. I expect this new release to be built with libselinux1.
Bug#351631: [Pkg-shadow-devel] Bug#351631: passwd: Please compile with SE Linux support
On Tuesday 07 February 2006 04:18, Christian Perrier <[EMAIL PROTECTED]> wrote: > > Please remove the --without-selinux from debian/rules. This will not > > alter the functionality on a non-SE system, but makes a big difference > > when running SE Linux. > > I see no objection to this. Last time we were considering this, Manoj > suggested another way to go (namely use/support pam_selinux, > IIRC). Manoj, would you care commenting? Currently useradd/userdel make a SE Linux system unusable and unbootable, the change I request fixes that. The base functionality of /bin/passwd works, but it doesn't perform checks for SE Linux permission, so root:user_r:user_t can change passwords for any user. This is also fixed by the change I request. PS You will also need to make it build-depend on libselinux1-dev. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Bug#351631: [Pkg-shadow-devel] Bug#351631: passwd: Please compile with SE Linux support
Quoting Russell Coker ([EMAIL PROTECTED]): > Package: passwd > Version: 1:4.0.14-4 > Severity: normal > > Now that libselinux1 has priority required there is no reason for any > package not to include SE Linux support. > > Please remove the --without-selinux from debian/rules. This will not > alter the functionality on a non-SE system, but makes a big difference > when running SE Linux. I see no objection to this. Last time we were considering this, Manoj suggested another way to go (namely use/support pam_selinux, IIRC). Manoj, would you care commenting? Hint: I am myself totally ignorant about SE Linux so please forgive in advance any stupid question or remark I would make...:) -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]