[CentOS] OpenSSH-5.3p1 selinux problem on CentOS-5.4.
Ned Slider
ned at unixmail.co.ukThu Feb 4 17:00:51 UTC 2010
- Previous message: [CentOS] OpenSSH-5.3p1 selinux problem on CentOS-5.4.
- Next message: [CentOS] OpenSSH-5.3p1 selinux problem on CentOS-5.4.
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
James B. Byrne wrote: <snip> > > I am not sure what effect disabling SELinux support in SSH actually > has from a security standpoint. So, if anyone cares to enlighten me > on the the consequences I would like to know. > I was under the impression that sshd runs unconfined in the current CentOS? $ ps axZ | grep sshd system_u:system_r:unconfined_t:SystemLow-SystemHigh 2766 ? Ss 0:00 /usr/sbin/sshd For example, you don't need to change the ssh_port in SELinux when running the sshd on an alternative port, I assume because sshd is running unconfined. Also, it makes little sense to me to run sshd in a confined domain as an ssh login will give the user a login (bash) shell, which also runs unconfined: $ ps axZ | grep bash user_u:system_r:unconfined_t 8504 pts/3 Ss 0:00 /bin/bash user_u:system_r:unconfined_t 16789 pts/4 Ss 0:00 /bin/bash Or maybe I totally misunderstand?
- Previous message: [CentOS] OpenSSH-5.3p1 selinux problem on CentOS-5.4.
- Next message: [CentOS] OpenSSH-5.3p1 selinux problem on CentOS-5.4.
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
More information about the CentOS mailing list