userspace checking in passwd command

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Dan,

Now, I'm tracking the userspace extensions in passwd command
to port them into busybox.

check_selinux_access() is defined as an extension of passwd,
and it enables to confirm passwd:{passwd} permission when
root (uid==0) executes this commans.
However, there is a condition to bypass this checking.
I cannot make sure the meaning of the condition.

See the following implementation of the function.
---------------------------
    48  int
    49  check_selinux_access(const char *change_user, int change_uid, unsigned int access)
    50  {
    51          int status = -1;
    52          security_context_t user_context;
    53          const char *user;
    54
    55          if (security_getenforce() == 0) {
    56                  status = 0;
    57          } else {
    58                  if (getprevcon(&user_context) == 0) {
    59                          context_t c;
    60                          c = context_new(user_context);
    61                          user = context_user_get(c);
    62                          if (change_uid != 0 && strcmp(change_user, user) == 0) {
    63                                  status = 0;
    64                          } else {
    65                                  struct av_decision avd;
    66                                  int retval;
    67                                  retval = security_compute_av(user_context,
    68                                                               user_context,
    69                                                               SECCLASS_PASSWD,
    70                                                               access,
    71                                                               &avd);
    72                                  if ((retval == 0) &&
    73                                      ((access & avd.allowed) == access)) {
    74                                          status = 0;
    75                                  }
    76                          }
    77                          context_free(c);
    78                          freecon(user_context);
    79                  }
    80          }
    81          return status;
    82  }
---------------------------
In line 62, it compares the target uid and username, then checking
passwd:{passwd} is skipped when UID is non-privileged user and username
matched with user field in its security context.

Could you tell me the reason why such a checking is applied.
If it is not necessary, I think we can use checkPasswdAccess() instead.

Thanks,
-- 
OSS Platform Development Division, NEC
KaiGai Kohei <kaigai@xxxxxxxxxxxxx>

--
fedora-selinux-list mailing list
fedora-selinux-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-selinux-list

[Index of Archives]     [Fedora Users]     [Fedora Desktop]     [Big List of Linux Books]     [Yosemite News]     [Yosemite Campsites]     [KDE Users]     [Gnome Users]

  Powered by Linux