Bugzilla will be upgraded to version 5.0. The upgrade date is tentatively scheduled for 2 December 2018, pending final testing and feedback.
First Last Prev Next    This bug is not in your last search results.
Bug 120675 - default_contexts insecure
default_contexts insecure
Status: CLOSED NEXTRELEASE
Product: Fedora
Classification: Fedora
Component: policy (Show other bugs)
rawhide
All Linux
medium Severity medium
: ---
: ---
Assigned To: Daniel Walsh
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2004-04-12 17:39 EDT by Sean Middleditch
Modified: 2007-11-30 17:10 EST (History)
0 users

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2004-04-15 18:00:27 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)
Add an attachment (proposed patch, testcase, etc.)

  None (edit)
Description Sean Middleditch 2004-04-12 17:39:48 EDT 
The /etc/security/default_contexts file is mildly insecure as the
default login role/context is sysadm_r:sysadm_t, followed by
staff_r:staff_t and then user_r:user_t.

Users whom have staff/sysadm rights should not have these by default
upon login.  That makes it too easy to just be lazy and accept the
default, and end up doing normal user stuff they shouldn't be doing
with those roles/contexts.
Comment 1 Sean Middleditch 2004-04-12 17:45:00 EDT 
additionally, is there a way to specify per-use what the default
context(s) are?  this would aid in support of primary roles in bug
#120571.  also would allow the login contexts to be a little more
"obvious", in that normal users with access to enhanced roles would
still be normal users as default, while a login as root could default
to sysadm_r:sysadm_t which probably makes more sense and is closer to
what users would expect.
Comment 2 Colin Walters 2004-04-15 18:00:27 EDT 
This has been fixed in the upcoming policy package.

As for per-user defaults: yes, the user's .default-contexts file.
Note You need to log in before you can comment on or make changes to this bug.
First Last Prev Next    This bug is not in your last search results.