From CDOT Wiki
Jump to: navigation, search

Peter Valerio 4th Year IFS Student Anti-SELinux Enthusiast

Project: SELinux Policy Analysis


0.1- I released the te file for telnet, along with my hopes for how I wanted to test it. Which didn't go so well.

0.2- I released the results and a summary of the tests that I performed. These tests ended up not being relevant to SELinux. In case it isn't obvious, SELinux is not easy to understand whatsoever.

0.3- I talked with some people in the community, as well as Raymond Chan (who seems to be the only knowledgeable person on SELinux in the country), and decided to try and analyse a more relevant service, since telnet is so outdated and practically dead. I chose to do this analysis of the DHCP policy, since this is a service that is widely used, and possibly overlooked from a security point of view. I released an analysis I did of the policy, along with a test program I put together that I was trying to use as a proof of concept, and an RPM that I packaged with a patch file to one of the DHCP policy modules.

This course was/is a large challenge from someone in the IFS program, with no building or packaging experience. Nevertheless, it was useful information that was being delivered in a world that is increasingly open-source.