[ISN] Updated release of Security-enhanced Linux (fwd)

Dave Dittrich dittrich at cac.washington.edu
Sun Mar 18 01:36:45 PST 2001

FYI for those who played with the last selinux release.

Dave Dittrich Computing & Communications
dittrich at cac.washington.edu Client Services
http://staff.washington.edu/dittrich University of Washington

PGP key http://staff.washington.edu/dittrich/pgpkey.txt
Fingerprint FE 97 0C 57 08 43 F3 EB 49 A1 0C D0 8E 0C D0 BE C8 38 CC B5

---------- Forwarded message ----------
Date: Sun, 18 Mar 2001 01:32:06 -0600
Subject: [ISN] Updated release of Security-enhanced Linux
From: InfoSec News <isn at C4I.ORG>

---------- Forwarded message ----------
Date: Fri, 16 Mar 2001 11:07:56 -0500 (EST)
From: Howard Holm <hdholm at epoch.ncsc.mil>
To: selinux at tycho.nsa.gov
Subject: Updated release

An updated release of Security-enhanced Linux has been posted on the
NSA web site (www.nsa.gov/selinux).

Changes include:

- Updated information on the developers' mailing list and archives was
made available.
- Answers to Frequently Asked Questions were added to the site.
- Kernel patches are now provided for 2.4.2 and 2.2.18.
- The 2.4.2 patch includes changes to virtualize the persistent SID
mapping interfaces and the file mandatory access controls.
- The 2.2.18 patch includes several bug fixes to the old 2.2-based
patch. It also includes a new implementation of System V IPC
mandatory access controls. These controls have not yet been ported to
the 2.4 kernel.
- Both the 2.2.18 and 2.4.2 patches incorporate a change in the
implementation of the new system calls that is not backward
compatible with the old implementation. Hence, the updated libsecure
must be compiled and all modified utilities must be relinked against it.
- The util-linux patch is now provided for the util-linux-2.10s sources
from kernel.org.
- The procps patch is now provided for the procps-010114 sources from
- The vixie-cron patch is now provided for the vixie-cron-3.0.1-61
sources from RedHat.
- A small fix was made to the spasswd wrapper program to ensure that it
is not mistakenly used by an administrator to try to change another
user's password. A README was added to explain the purpose of this
- The shadow password file is no longer moved by the installation
scripts, and the modified versions of libpwdb, sulogin, and the shadow
utilities are no longer provided. The relocation of the shadow password
file was creating compatibility problems with a number of applications
despite the updatedlibpwdb. A different approach for maintaining a
separate security context on the shadow password file will be
implemented in the future.
- The modified versions of rshd and wu-ftpd were removed from the
distribution and each of these daemons were limited to their initial
domain in the example policy configuration.

Howard Holm <hdholm at epoch.ncsc.mil>
Information Assurance Research Office
National Security Agency

ISN is hosted by SecurityFocus.com
To unsubscribe email LISTSERV at SecurityFocus.com with a message body of

More information about the Linux mailing list