Re: Lower Process Capabilities

On Wed, 2009-07-29 at 23:01 +1000, James Morris wrote:
> On Wed, 29 Jul 2009, Stephen Smalley wrote:
> 
> > So I think the only piece of the proposal that is orthogonal to SELinux
> > is privilege bracketing within the program (dropping caps after use).  
> > But the changes to the file and directory permissions seem more
> > questionable.
> 
> Once we have access control on policy itself, we may be able to provide an 
> API where an application can toggle a boolean on itself, e.g. to perform 
> one action with broader permissions, then switch to a tighter set of 
> permissions.  This might be implementable in a way which also prevents 
> applications from ever gaining more permissions (via typebounds).

We can actually already apply fine-grained access control on temporary
changes to booleans - just specify a distinct label for the boolean in
policy (via genfscon selinuxfs entries) and then control who can write
to that file type.

However, note that such changes affect all processes running in a given
domain, so it isn't precisely the same thing as process privilege
bracketing.

-- 
Stephen Smalley
National Security Agency

-- 
fedora-devel-list mailing list
fedora-devel-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-devel-list
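The mechanism Stephen describes above (a distinct label on a boolean's selinuxfs node via genfscon, then an allow rule on that type) as an added policy fragment in SELinux kernel policy language. It is an illustration written for this archive page, not code from the thread or from the reference policy; the domain `myapp_t`, the boolean `myapp_bracketed_mode`, the types `myapp_bracketed_mode_bool_t` and `myapp_secret_t` are hypothetical, and `security_t` is assumed to be the generic selinuxfs label as in the reference policy.

```selinux
# Added example (not from the thread): per-boolean access control via genfscon.
# Hypothetical domain: myapp_t. Hypothetical boolean: myapp_bracketed_mode.

# Declare the boolean and its default value.
bool myapp_bracketed_mode false;

# A dedicated type for this boolean's selinuxfs node, so it is not lumped
# under the generic selinuxfs label (assumed to be security_t, as in refpolicy).
type myapp_bracketed_mode_bool_t;

# Label the boolean's file under the selinuxfs mount
# (e.g. /sys/fs/selinux/booleans/myapp_bracketed_mode) with that type.
genfscon selinuxfs /booleans/myapp_bracketed_mode system_u:object_r:myapp_bracketed_mode_bool_t:s0

# Only myapp_t may toggle it: write access to that one file, plus the
# setbool permission on the kernel's security object. Other booleans keep
# the generic label, so this rule does not let myapp_t touch them.
allow myapp_t security_t:dir { getattr open read search };
allow myapp_t myapp_bracketed_mode_bool_t:file { getattr open read write };
allow myapp_t security_t:security setbool;

# Assumption: the selinuxfs commit node (commit_pending_bools) keeps the
# generic label, so committing the pending value needs write on security_t.
allow myapp_t security_t:file { getattr open write };

# The broader permission exists only while the boolean is on; myapp_t turns
# it on, does the privileged step, then turns it off again.
if (myapp_bracketed_mode) {
    allow myapp_t myapp_secret_t:file { getattr open read };
}
```

The caveat from the mail applies unchanged: the boolean is global to the loaded policy, so while it is on, every process in `myapp_t` gets the broader rule, not just the one that flipped it. That is the difference from per-process privilege bracketing (dropping capabilities in one process), and it is why a separate, tightly-controlled label on the boolean matters: it narrows who can widen the whole domain's permissions, but it does not make the widening per-process.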
