Alex Ackerman wrote:
This may sound like an odd request, but I am currently working on my master’s thesis on the topic of SELinux integration into the workplace. Part of the analysis involves testing the security containment capabilities of SELinux; i.e., making sure that SELinux functions as advertised when dealing with events of escalating privilege. Does anyone on this list have any recommendations on scripts or programs which can test these capabilities? My test platforms are Fedora Core 3 (once released) and Red Hat Enterprise Linux v4.0 Beta 1. My current thinking would be to downgrade certain packages (httpd, etc.) to a known vulnerable state and test, but would like to know how the members on the list test their systems. Any help would be appreciated. I can be reached at ackermal at jmu dot edu or alex at darkhonor dot com if you would like to discuss this off-list. Thank you for any assistance.

Alex Ackerman
James Madison University

I don't have any test scripts, but I think rolling back the packages to one with a known vulnerability would work, but since one goal of a hacker is to get a root shell, you could use runcon with a shell script to simulate what would happen if a hacker was successful.
runcon -t httpd_t /bin/sh
Of course I can only get this to work in permissive mode. Setting it to enforcing kills the shell since it can not access the tty.
Also get an error "execvp: Permission denied" in enforcing.
Dan
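
One way to script the runcon test described in the reply above, as an added example that is not part of the original thread: each probe is started in the target domain with no tty attached and the outcome is classified from runcon's exit status. The DOMAIN and RUNCON variables, the probe labels and the probed paths are assumptions, as is running it as root on a test machine; the 125/126/127 exit codes are those documented for current GNU coreutils runcon.

```shell
#!/bin/sh
# Added example: classify what a command may do when started in an SELinux domain.
# DOMAIN, RUNCON and the probe list are illustrative assumptions.
DOMAIN=${DOMAIN:-httpd_t}
RUNCON=${RUNCON:-runcon}

# Print the current SELinux mode, or "Unavailable" when getenforce is missing.
# In permissive mode denials are only logged, so every probe reports ALLOWED.
selinux_mode() {
    if command -v getenforce >/dev/null 2>&1; then getenforce; else echo Unavailable; fi
}

# probe LABEL COMMAND [ARGS...]
# Runs COMMAND via runcon with stdio on /dev/null, so the probe does not
# depend on the domain being allowed to use the terminal.
probe() {
    label=$1; shift
    rc=0
    "$RUNCON" -t "$DOMAIN" "$@" </dev/null >/dev/null 2>&1 || rc=$?
    case $rc in
        0)       echo "ALLOWED $label" ;;  # command ran and succeeded
        126)     echo "NOEXEC $label" ;;   # command found but could not be executed
        125|127) echo "ERROR $label" ;;    # runcon failed, or runcon/command not found
        *)       echo "DENIED $label" ;;   # command started but failed for any reason
    esac
}

run_probes() {
    echo "mode=$(selinux_mode) domain=$DOMAIN"
    probe read-shadow  cat /etc/shadow
    probe list-root    ls /root
    probe read-webroot ls /var/www/html
}

# Run the probes only when asked to: sh probe.sh run
[ "${1:-}" != run ] || run_probes
```

A NOEXEC result means the command never started in the domain, so it says nothing about what that domain is allowed to do; a DENIED result should be confirmed against the AVC messages, since a missing path or ordinary file permissions produce the same exit status.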