[CentOS] OpenSSH-5.3p1 selinux problem on CentOS-5.4.
Ned Slider
ned at unixmail.co.uk
Thu Feb 4 17:00:51 UTC 2010
James B. Byrne wrote:
<snip>
>
> I am not sure what effect disabling SELinux support in SSH actually
> has from a security standpoint. So, if anyone cares to enlighten me
> on the consequences I would like to know.
>
I was under the impression that sshd runs unconfined in the current CentOS?

$ ps axZ | grep sshd
system_u:system_r:unconfined_t:SystemLow-SystemHigh 2766 ? Ss 0:00 /usr/sbin/sshd

For example, you don't need to change the ssh_port in SELinux when
running the sshd on an alternative port, I assume because sshd is
running unconfined.

Also, it makes little sense to me to run sshd in a confined domain as an
ssh login will give the user a login (bash) shell, which also runs
unconfined:

$ ps axZ | grep bash
user_u:system_r:unconfined_t 8504 pts/3 Ss 0:00 /bin/bash
user_u:system_r:unconfined_t 16789 pts/4 Ss 0:00 /bin/bash

Or maybe I totally misunderstand?