I was wondering whether strict policy could solve this problem? Thanks a lot.

James

On 7/28/05, James Z. Li <james.zheng.li@xxxxxxxxx> wrote:
> Hi all,
>
> First, sorry for my English.
> I wrote a set of SELinux policy rules for pine (pine-4.63-1.i386.rpm)
> on FC4 (targeted).
> It works well IF no email attachments are involved. As root, you are
> able to browse the whole filesystem: get a file from anywhere as the
> attachment or save the attachment to anywhere you like. Does this make
> the security policy totally broken?
>
> At the same time, I was also evaluating LIDS (lids.org). As for pine
> under LIDS, it has the same problem: it requires WRITE (including READ)
> permission to "/" (inode number of "/"). For SELinux, since the policy
> is based on domain/type, it is even worse in the sense of policy
> writing: it requires one rw_dir_file rule for each of several hundreds
> of types on the whole filesystem, so several hundreds of rules will be
> added.
>
> I was thinking if there is a chroot mode for pine but I could not find
> any useful info.
>
> Another potential way to solve this problem is to create a directory
> under the user's (root's) home directory, which is only used to store
> email attachments: you need to copy files from everywhere else to this
> directory before you can upload them as outgoing attachments; and all
> incoming attachments will be saved to this directory first, then you
> can copy or move them to somewhere else. By doing this, we can write
> corresponding policy to label this directory and grant permissions.
>
> Any suggestions?
>
> James
>
> Enclosed pls find my pine.fc and pine.te files
>
> ################################
> #/etc/selinux/targeted/src/policy/file_contexts/program/pine.fc
> # pine.fc
> # Authors: james.zheng.li@xxxxxxxxx
> ################################
> /usr/bin/mailutil -- system_u:object_r:pine_exec_t
> /usr/bin/pico -- system_u:object_r:pine_exec_t
> /usr/bin/pilot -- system_u:object_r:pine_exec_t
> /usr/bin/pine -- system_u:object_r:pine_exec_t
> /usr/bin/rpdump -- system_u:object_r:pine_exec_t
> /usr/bin/rpload -- system_u:object_r:pine_exec_t
> /usr/sbin/mlock -- system_u:object_r:pine_exec_t
>
> /etc/pine\.info -- system_u:object_r:pine_etc_t
> /etc/pine\.conf -- system_u:object_r:pine_etc_t
> /etc/pine\.conf\.fixed -- system_u:object_r:pine_etc_t
>
> HOME_DIR/mail(/.*)? system_u:object_r:pine_user_home_t
> HOME_DIR/\.addressbook(\.lu)? -- system_u:object_r:pine_user_home_t
> HOME_DIR/\.pine-debug[1-4] -- system_u:object_r:pine_user_home_t
> HOME_DIR/\.pinerc -- system_u:object_r:pine_user_home_t
> HOME_DIR/\.newsrc -- system_u:object_r:pine_user_home_t
> HOME_DIR/\.signature -- system_u:object_r:pine_user_home_t
> HOME_DIR/\.mailcap -- system_u:object_r:pine_user_home_t
> HOME_DIR/\.mime\.types -- system_u:object_r:pine_user_home_t
> HOME_DIR/\.pine-interrupted-mail -- system_u:object_r:pine_user_home_t
> HOME_DIR/dead\.letter -- system_u:object_r:pine_user_home_t
>
> #################################
> #/etc/selinux/targeted/src/policy/domains/program/pine.te
> # pine.te
> # Authors: james.zheng.li@xxxxxxxxx
> #################################
> #
> # Rules for the pine domain.
> #
> # pine_t is the domain for the pine program
> # pine_exec_t is the type of the corresponding program.
> #
> type pine_t, domain, privmail, nscd_client_domain;
> type pine_exec_t, file_type, sysadmfile, exec_type;
> type pine_user_home_t, file_type, sysadmfile, customizable;
> type pine_etc_t, file_type, sysadmfile;
>
> role sysadm_r types pine_t;
> role system_r types pine_t;
> #role user_r types pine_t;
>
> domain_auto_trans(sysadm_t, pine_exec_t, pine_t)
> #domain_auto_trans(initrc_t, pine_exec_t, pine_t)
>
> file_type_auto_trans(pine_t, user_home_dir_t, pine_user_home_t, dir_file_class_set)
> general_domain_access(pine_t)
> tmp_domain(pine)
> can_exec(pine_t, pine_exec_t)
>
> read_sysctl(pine_t)
> uses_shlib(pine_t)
> allow pine_t devpts_t:chr_file create_file_perms;
> allow pine_t devpts_t:dir search;
> allow pine_t etc_t:file { getattr read };
> allow pine_t etc_t:lnk_file read;
> read_locale(pine_t)
> allow pine_t mail_spool_t:dir rw_dir_perms;
> allow pine_t mail_spool_t:file create_file_perms;
> allow pine_t proc_t:dir search;
> allow pine_t proc_t:lnk_file read;
> allow pine_t urandom_device_t:chr_file getattr;
> allow pine_t usr_t:file read;
> allow pine_t var_spool_t:dir search;
> allow pine_t fs_t:filesystem getattr;
> allow pine_t net_conf_t:file r_file_perms;
> allow pine_t sbin_t:dir search;
> allow pine_t sbin_t:lnk_file read;
> allow system_mail_t pine_tmp_t:file { read write };
> allow system_mail_t pine_user_home_t:file { read write };
> allow pine_t home_root_t:dir { getattr search };
> allow pine_t self:capability { fsetid fowner };

--
fedora-selinux-list mailing list
fedora-selinux-list@xxxxxxxxxx
http://www.redhat.com/mailman/listinfo/fedora-selinux-list
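The "dedicated attachment directory" idea in the quoted mail maps directly onto a small policy addition. The fragment below is an added example written in the same FC4-era policy style as the posted pine.fc/pine.te; it is not part of James's files or of the list post. The type name pine_attach_t and the directory name HOME_DIR/attachments are assumptions; the macros and attributes used (file_type, sysadmfile, customizable, rw_dir_perms, create_file_perms) are the ones already used in the posted pine.te.

```selinux
# ---- pine.fc addition (added example; directory name is an assumption) ----
# Everything under ~/attachments gets its own type, distinct from the rest
# of the home directory and from every other file type on the system.
HOME_DIR/attachments(/.*)?   system_u:object_r:pine_attach_t

# ---- pine.te additions (added example) ----
# One type for the attachment directory means pine_t needs exactly these
# rules instead of one rw rule per file type on the whole filesystem.
type pine_attach_t, file_type, sysadmfile, customizable;

# Read, write, create and delete within the attachment directory only.
# Files and subdirectories that pine creates here inherit pine_attach_t
# from the parent directory, so no extra type_transition is needed.
allow pine_t pine_attach_t:dir rw_dir_perms;
allow pine_t pine_attach_t:file create_file_perms;

# Reaching the directory: the posted policy already grants pine_t search
# on home_root_t, and file_type_auto_trans(pine_t, user_home_dir_t, ...)
# already covers traversal of the home directory itself, so nothing
# further is needed for lookup. No rule grants pine_t access to
# user_home_t or any other type, which is the point of the exercise.
```

Two practical notes on the workflow the mail describes. Copying a file into the directory with cp creates a new inode that inherits pine_attach_t, so it is immediately attachable; moving it with mv keeps the file's old label (for example user_home_t), and pine_t will be denied until restorecon -R ~/attachments relabels it. Conversely, an incoming attachment saved by pine carries pine_attach_t, and after the user moves it elsewhere it keeps that label until relabelled, which is harmless for pine but worth a restorecon so the rest of the policy sees the expected type. Denials during testing show up in the audit log as AVC messages with scontext root:sysadm_r:pine_t and the target type, which is the quickest way to confirm that the only types pine_t touches are the ones listed above.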