Re: SELinux and the Desktop

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Thu, 2004-10-14 at 14:27 -0400, Stephen Smalley wrote:
> On Thu, 2004-10-14 at 13:56, Steve Coleman wrote:
> > Colin Walters walters-at-redhat.com |fedora| wrote:
> > 
> >The major threat here is environment variables, right? 
> 
> Hmm...didn't get Colin's original message, but I saw this reply. 
> Anyway, if the question is about domain transitions on scripts, then
> there is a fundamental race condition on script execution.  Think: 
> kernel looks up script file and reads header, kernel invokes interpreter
> with script file path as argument, interpreter looks up script file. 
> Caller can run arbitrary code in the new domain.

Well, this is only a threat in the case where the caller can do an
unlink in the directory that the script is in, correct?  I can see
that's a fundamental problem, but personally I'm more interested in
trying to for example give someone the ability to run /etc/init.d/* in a
secure manner.  Say we define a type like 'daemon_admin_t' that has
permissions to transition to initrc_t; perhaps we'd need to label
certain files in /etc/init.d/ instead of allowing general access to
initrc_t.  Right now though if you tried to do that a malicious attacker
could set many environment variables like PATH or IFS which shell
scripts would pick up.  Cleaning the environment would close that hole.



[Index of Archives]     [Fedora Users]     [Fedora Desktop]     [Big List of Linux Books]     [Yosemite News]     [Yosemite Campsites]     [KDE Users]     [Gnome Users]

  Powered by Linux