Mailinglist Archive: opensuse-security (499 mails)

< Previous Next >
Re: [suse-security] NSA SELinux
  • From: Mark Müller <trusted@xxxxxx>
  • Date: Sun, 02 Jun 2002 11:17:02 +0200
  • Message-id: <3CF9E28E.8040303@xxxxxx>
JW wrote:
What version of SuSE are you compiling against, 8.0?
7.3 Pro. I think compilation would be the same on 8.0 and 7.3.

Would like to know exactly what packages you have working and each packages version number. That way it will be clear what's been worked on and what hasn't been, to avoid duplicate effort?
You need at least:

1. the LSM/Selinux kernel from the homepage (I downloaded the prepatched vanilla kernel)

2. Flex for compiling the policy. It should be flex-<Version>.rpm (flex-2.5.4-410.i386.rpm from the SuSE ftp server)

3. for the newrole and run_init program:
pam-devel-*.rpm (pam-devel-0.75-78.i386.rpm)
It contains the libraries and header files for Linux-PAM used by SEL.

4. for util-linux:
- termcap library. I suggest to download the latest package from the ftp-server, the older version was vulnerable to a buffer overflow attack iirc.

- Slang library: slang-*.rpm (slang-1.4.4-95.i386.rpm)

- Modification to util-linux-2.11f/text-utils/Makefile:
A library is missing for more:
Buggy:
more: more.o $(LIB)/xstrncpy.o
$(CC) $(CFLAGS) $(LDFLAGS) $^ -o $@ $(LIBTERMCAP)
better:
more: more.o $(LIB)/xstrncpy.o
$(CC) $(CFLAGS) $(LDFLAGS) $^ -o $@ $(LIBTERMCAP) $(LIBCURSES)

However if you compare the makefile from the SELinux package to the original or to the SuSE makefile, it's slightly different at this point. I don't know why they changed (RedHat or SELinux staff) it. If you change the makefile so that it looks like the original or the SuSE version it should work I think.

Are you modifying the SuSE srpms or just using tars from each vendor as appropriate? I'm interestd in making RPMs out of each at some point.
My goal is to modify as least as possible in order to have a very simple installation. First I tried to change Makefiles and configuration files but its easier to leave SELinux as it is and install necessary libraries. I don't like messing with packages if it is not absolutely necessary. And I don't want to do the job over and over again when a new release comes.

Shall we move to the suse-selinux mailing list or keep the thread here open?

Mark


< Previous Next >
Follow Ups
References