Re: SELinux - back to basics


 



To refine my questions in the earlier email:

1) Many of the things the attacker can do if he exploits the Samba vulnerability can be found in the source policy. But there are also so many other rules in the policy (hundreds?); my question is, how do I know if the other rules matter much? There are >300 rules related to smbd_t, and it just *seems* a lot can go wrong with the system.

2) How do we verify the part about what the attackers cannot do? Does it mean, if I cannot find a rule that links smbd_t with user_home_t with the 'read' permission, the attacker cannot read/manipulate user home directories? Or is it not as trivial?

3) I am assuming ports 137-139 and 445 are labelled smbd_port_t, but where can I find this assignment in the policy? I am currently using apol.

Thank you


On Mon, Aug 17, 2009 at 10:42 AM, adrian golding <adriangolding@xxxxxxxxx> wrote:
Dear all, can you please point me to the right place:


I am interested in how Dan knows what an attacker can make use of the Samba vulnerability to do by default, and what the attacker cannot do. More generally speaking, how do we look at a service or application in a SELinux system and find out what the attacker can and cannot do in the case of the service being exploited?

In that page, he looked at some of the relevant booleans, and I guess "samba_enable_home_dirs ---> off" prevents the attacker from reading/manipulating the user's home directories. But what about the rest? What other things can an end user (who is not very experienced in SELinux) examine to know what the attacker can / cannot do?

Thank you



--
fedora-selinux-list mailing list
fedora-selinux-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-selinux-list
