On Thu, 2004-04-15 at 08:18, Gene Czarcinski wrote:
> What make -C /etc/security/selinux/src/policy/ relabel appears to do is to go
> through all the mounted filesystems and set the attributes depending on the
> rules it has. The question is, does it follow symbolic links or not. If it
> does not, then there should not be a problem as long as all of the policy
> rules always use the actual (non-symbolic-link) path AND make sure we do also
> if we do something manually.

setfiles does not follow symlinks during the traversal (FTW_PHYS). It also
attempts to detect multiple hard links to the same file and issue warnings if
they would yield different security contexts.

> However, I can see a problem occurring if it does follow symbolic links
> because the process likely occurs in sorted order. Now /tmp is cleared (or so
> it says and, I hope, that means /var/tmp/ also), so I should not be able to
> rename /usr/X11R6/bin/Xorg. However, what if I had a symbolic link from my
> home directory to something in /etc. Would that get mislabeled?

setfiles doesn't follow symlinks during the traversal, but there is a
legitimate concern about malicious symlinks created during the traversal after
descent. At present, this is mitigated by policy - setfiles is not allowed to
follow untrustworthy symlinks.

--
Stephen Smalley <sds@xxxxxxxxxxxxxx>
National Security Agency
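An added illustration of the two behaviours Stephen describes (this is example code, not part of the thread and not setfiles' own source): a walk with nftw() and FTW_PHYS, so symlinks are reported but never descended into, plus a per-(device, inode) record of the label chosen so that a second hard link to the same file that would receive a different context is flagged. The label lookup, the directory fixture under /tmp and the context strings are constructed stand-ins, not the real file_contexts policy.

```c
#define _XOPEN_SOURCE 700
#include <fcntl.h>
#include <ftw.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>
/* Toy stand-in for the file_contexts table (constructed: substring match, first hit wins;
 * the real table is regex based and the last matching entry wins). */
static const char *label_for(const char *path) {
    if (strstr(path, "/bin/")) return "system_u:object_r:bin_t";
    if (strstr(path, "/tmp/")) return "system_u:object_r:tmp_t";
    return "system_u:object_r:default_t";
}
/* Label already chosen per (dev, ino), so a later hard link to the same inode can be compared. */
static struct { dev_t dev; ino_t ino; const char *ctx; } seen[256];
static int nseen, conflicts, symlinks;
static int visit(const char *path, const struct stat *st, int flag, struct FTW *f) {
    (void)f;
    if (flag == FTW_SL) { symlinks++; return 0; }   /* with FTW_PHYS: reported, never followed */
    if (!S_ISREG(st->st_mode) || st->st_nlink < 2) return 0; /* only multiply linked files matter */
    const char *ctx = label_for(path);
    for (int i = 0; i < nseen; i++) {
        if (seen[i].dev != st->st_dev || seen[i].ino != st->st_ino) continue;
        if (strcmp(seen[i].ctx, ctx)) { conflicts++; fprintf(stderr, "warning: %s would get %s, but another hard link got %s\n", path, ctx, seen[i].ctx); }
        return 0;
    }
    if (nseen < 256) { seen[nseen].dev = st->st_dev; seen[nseen].ino = st->st_ino; seen[nseen++].ctx = ctx; }
    return 0;
}
/* Physical walk (FTW_PHYS) as setfiles does. Returns the number of hard-link label conflicts;
 * *nsym receives the number of symlinks that were listed but not followed. */
int relabel_check(const char *root, int *nsym) {
    nseen = conflicts = symlinks = 0;
    if (nftw(root, visit, 16, FTW_PHYS) < 0) return -1;
    if (nsym) *nsym = symlinks;
    return conflicts;
}
/* Constructed fixture: bin/xorg hard-linked as tmp/xorg (the two paths label differently)
 * and home/etc -> /etc, a symlink only a link-following walk would descend into. */
int build_fixture(char *tmpl) {
    char p[4096], q[4096];
    if (!mkdtemp(tmpl)) return -1;
    snprintf(p, sizeof p, "%s/bin", tmpl);  if (mkdir(p, 0755) < 0) return -1;
    snprintf(p, sizeof p, "%s/tmp", tmpl);  if (mkdir(p, 0755) < 0) return -1;
    snprintf(p, sizeof p, "%s/home", tmpl); if (mkdir(p, 0755) < 0) return -1;
    snprintf(p, sizeof p, "%s/bin/xorg", tmpl);
    snprintf(q, sizeof q, "%s/tmp/xorg", tmpl);
    if (close(open(p, O_CREAT | O_WRONLY, 0755)) < 0 || link(p, q) < 0) return -1;
    snprintf(p, sizeof p, "%s/home/etc", tmpl);
    return symlink("/etc", p);
}
```

Running relabel_check() on the fixture reports exactly one conflict (the two links to xorg) and one skipped symlink, and nothing under /etc is ever visited.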