Hello,

On Nov 3 19:43 Christian Boltz wrote (excerpt):
> Well, in theory, you could create an AppArmor profile for rpm.
> Unfortunately, you'll need to allow it writing files everywhere and also to override traditional file access permissions (capability dac_override) because, well, writing files everywhere is rpm's job, and also installing files which are only readable by a daemon user. You'll also need to allow executing basically everything because of %post etc. scripts.
Is it possible to have an AppArmor profile for rpm so that rpm cannot change already existing files? Such an AppArmor profile could be enabled before one installs third party software (e.g. additional application programs) where one does not want any existing stuff to be changed. For a nice example where such an AppArmor profile for rpm would have helped, Google for "linux printer driver setuid root" (without quotation marks) and you find things like http://it.slashdot.org/story/07/07/18/0319203/major-security-hole-in-samsung... that reads (excerpt):

-----------------------------------------------------------------
Posted by ... on Wednesday July 18, 2007 ...
It appears that Samsung unified drivers change rights on some parts of the system: After installing the drivers, applications may launch using root rights, without asking any password.
-----------------------------------------------------------------

If I remember correctly, in particular OpenOffice executables had been changed at that time to run setuid root when installing that third party printer driver software, to "make everything just work" for the user. In contrast, when installing openSUSE maintenance updates, such an AppArmor profile would have to be disabled beforehand.
> The only thing you could try is to deny access to /home/** - assuming that packages typically should not touch anything there.
A long time ago an experienced SUSE developer told me: "/home/* is sacrosanct." This means in particular that package installation must not change any user's own files. Probably it is really a good idea to create an AppArmor profile for rpm to deny access to /home/* and see how a default openSUSE installation behaves. Perhaps this could reveal "interesting" results ;-)

Kind Regards
Johannes Meixner
--
SUSE LINUX GmbH - GF: Felix Imendoerffer, Jane Smithard, Graham Norton - HRB 21284 (AG Nuernberg)
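Added example, not part of the thread and not a profile shipped by openSUSE or the AppArmor project: a profile for rpm that grants what Christian lists (write anywhere, capability dac_override, execute anything for the %post scripts) and adds the "/home is sacrosanct" rule Johannes proposes. The attachment path /usr/bin/rpm, the extra capabilities beyond dac_override, and the choice of complain mode are my assumptions. Two caveats a practitioner should know before relying on this: AppArmor file rules have no "create but do not overwrite" permission (`w` covers both), so a profile can fence off whole paths such as /home but cannot express the first wish in the thread, that rpm leaves already existing files untouched; and a deny rule wins over any allow rule, which is what makes `deny /home/**` effective against the `/**` allow. Scriptlets are run with `ix` so that the child processes stay inside this profile; `ux` would let a %post script escape it.

```apparmor
# Example profile for rpm (added here, not from the thread).
# Assumptions: rpm lives at /usr/bin/rpm; the capability list beyond
# dac_override is what I expect package scriptlets to need, not verified
# against a real openSUSE run.
#include <tunables/global>

/usr/bin/rpm flags=(complain) {
  #include <abstractions/base>

  # Installing files owned by other users, setuid bits, device nodes etc.
  # means bypassing normal DAC checks (dac_override is the one the thread
  # names; the rest are assumptions about what rpm and scriptlets use).
  capability dac_override,
  capability dac_read_search,
  capability chown,
  capability fowner,
  capability fsetid,
  capability mknod,
  # scriptlets that drop privileges (e.g. "su - someuser -c ...")
  capability setuid,
  capability setgid,

  # Writing files everywhere is rpm's job.
  /** mrwlk,

  # %pre/%post/%preun/%postun scriptlets: "ix" makes the interpreter and
  # everything it spawns inherit this profile, so the /home deny below
  # still applies inside a scriptlet. "ux" would run them unconfined.
  /** ix,

  # "/home/* is sacrosanct": no package may write, create, delete or
  # hard-link anything under a user's home. Read stays allowed so that
  # "rpm -i /home/user/foo.rpm" keeps working. "audit" forces the denial
  # into the log (explicit deny rules are otherwise quiet), which is
  # exactly what is wanted when checking how a default install behaves.
  audit deny /home/** wl,
}
```

Save it as /etc/apparmor.d/usr.bin.rpm, load it with `apparmor_parser -r /etc/apparmor.d/usr.bin.rpm`, install a few packages, and look for `apparmor="DENIED"` lines in the kernel log (`dmesg` or `journalctl -k`). Complain mode is deliberate for the first runs: anything the profile forgot is logged rather than blocked, so the log shows what rpm actually needs. Switch to `aa-enforce /usr/bin/rpm` before installing third-party packages and back to `aa-complain` (or `aa-disable`) before maintenance updates, as the thread notes such updates legitimately change existing files.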