Dan,

Now, I'm tracking the userspace extensions in the passwd command to port them into busybox.

check_selinux_access() is defined as an extension of passwd, and it makes it possible to check the passwd:{passwd} permission when root (uid==0) executes this command. However, there is a condition that bypasses this check. I am not sure of the meaning of the condition.

See the following implementation of the function.

---------------------------
48 int
49 check_selinux_access(const char *change_user, int change_uid, unsigned int access)
50 {
51     int status = -1;
52     security_context_t user_context;
53     const char *user;
54
55     if (security_getenforce() == 0) {
56         status = 0;
57     } else {
58         if (getprevcon(&user_context) == 0) {
59             context_t c;
60             c = context_new(user_context);
61             user = context_user_get(c);
62             if (change_uid != 0 && strcmp(change_user, user) == 0) {
63                 status = 0;
64             } else {
65                 struct av_decision avd;
66                 int retval;
67                 retval = security_compute_av(user_context,
68                                              user_context,
69                                              SECCLASS_PASSWD,
70                                              access,
71                                              &avd);
72                 if ((retval == 0) &&
73                     ((access & avd.allowed) == access)) {
74                     status = 0;
75                 }
76             }
77             context_free(c);
78             freecon(user_context);
79         }
80     }
81     return status;
82 }
---------------------------

In line 62, it compares the target uid and username, then the passwd:{passwd} check is skipped when the UID is a non-privileged user and the username matches the user field in its security context.

Could you tell me the reason why such a check is applied? If it is not necessary, I think we can use checkPasswdAccess() instead.

Thanks,
--
OSS Platform Development Division, NEC
KaiGai Kohei <kaigai@xxxxxxxxxxxxx>

--
fedora-selinux-list mailing list
fedora-selinux-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-selinux-list
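Added example, not from the mail or from the passwd sources: a libselinux-free model of the decision in check_selinux_access() beside a model of how checkPasswdAccess() is assumed to behave (an AVC query on the caller's own context with no username shortcut), with the enforcing mode, the caller's SELinux user and the AVC result injected as plain parameters so the cases run offline. It makes visible that the two checks disagree only for a non-root target whose name equals the caller's SELinux user while the AVC would deny passwd:{passwd}.

```c
/* Added example (not from the mail or the passwd sources): a libselinux-free
 * model of check_selinux_access() above beside an assumed model of
 * checkPasswdAccess(). Values libselinux would supply (enforcing mode, caller's
 * SELinux user, AVC allowed vector) are parameters; a failed
 * security_compute_av is modelled as allowed == 0. */
#include <string.h>
#include <stdio.h>

#define PASSWD__PASSWD 0x1u   /* bit for passwd:{passwd}; placeholder value */

/* Mirrors lines 55-81 of the posted function. 0 = permitted, -1 = denied. */
int model_check_selinux_access(int enforcing, const char *ctx_user,
                               unsigned int allowed, const char *change_user,
                               int change_uid, unsigned int access)
{
    if (enforcing == 0)
        return 0;
    /* line 62: non-root target whose name equals the caller's SELinux user */
    if (change_uid != 0 && strcmp(change_user, ctx_user) == 0)
        return 0;
    return ((access & allowed) == access) ? 0 : -1;
}

/* Assumed behaviour of libselinux checkPasswdAccess(): AVC query only. */
int model_checkPasswdAccess(int enforcing, unsigned int allowed,
                            unsigned int access)
{
    if (enforcing == 0)
        return 0;
    return ((access & allowed) == access) ? 0 : -1;
}

/* 1 when the two checks disagree for one case, 0 when they agree. */
int checks_differ(int enforcing, const char *ctx_user, unsigned int allowed,
                  const char *change_user, int change_uid, unsigned int access)
{
    return model_check_selinux_access(enforcing, ctx_user, allowed,
                                      change_user, change_uid, access)
        != model_checkPasswdAccess(enforcing, allowed, access);
}

int main(void)
{
    /* constructed case: enforcing, AVC denies, caller's SELinux user "alice" */
    printf("alice->alice uid 1000: differ=%d\n",
           checks_differ(1, "alice", 0, "alice", 1000, PASSWD__PASSWD)); /* 1 */
    printf("alice->bob uid 1001:   differ=%d\n",
           checks_differ(1, "alice", 0, "bob", 1001, PASSWD__PASSWD));   /* 0 */
    return 0;
}
```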