On 08/16/2009 10:42 PM, adrian golding wrote:
> Dear all, can you please point me to the right place:
> with reference to: http://danwalsh.livejournal.com/10131.html
>
> I am interested in how Dan knows what an attacker can make use of the samba
> vulnerability to do by default, and what the attacker cannot do. More
> generally speaking, how do we look at a service or application in a SELinux
> system, and find out what the attacker can do and cannot do in the case
> of the service being exploited?
>
> In that page, he looked at some of the relevant booleans and I guess
> "samba_enable_home_dirs ---> off" prevents the attacker from reading/manipulating
> the user's home directories. But what about the rest? What other things can
> an end user (who is not very experienced in SELinux) examine to know what
> the attacker can / cannot do?
>
> thank you
>
> ------------------------------------------------------------------------
>
> --
> fedora-selinux-list mailing list
> fedora-selinux-list@xxxxxxxxxx
> https://www.redhat.com/mailman/listinfo/fedora-selinux-list

One simple answer is I can look at the policy source code.

Secondly, you can use the sesearch command:

    sesearch --allow -s smbd_t

Shows me all the rules of what smbd_t is allowed to do.

If I want to do more complex analyses of the policy I can use a tool like apol.
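As an added example (not part of the original message and not code from the SELinux project), the output of the `sesearch` command in the reply can be reduced to the object types a confined domain is allowed to modify, which is the part of the rule set that bounds what an exploited service could change. The rules in `sample_rules` are constructed for illustration, and the function name `writable_targets` and its choice of "modifying" permissions are assumptions.

```shell
#!/bin/sh
# Constructed sample in the style of `sesearch --allow -s smbd_t` output.
# Illustrative only; not copied from any real policy. Both the spaced
# ("type : class") and compact ("type:class") layouts are included.
sample_rules() {
cat <<'EOF'
Found 5 semantic av rules:
   allow smbd_t samba_share_t : file { ioctl read write create getattr setattr lock append unlink link rename open } ;
   allow smbd_t samba_share_t : dir { ioctl read write create getattr setattr lock unlink link rename add_name remove_name search rmdir open } ;
   allow smbd_t samba_etc_t : file { ioctl read getattr lock open } ;
   allow smbd_t etc_t:dir { getattr search open };
   allow smbd_t samba_log_t:file { create append getattr };
EOF
}

# Read sesearch-style allow rules on stdin and print
# "target_type class perm,perm,..." for every rule that grants at least
# one permission that changes the object (assumed list, adjust as needed).
writable_targets() {
    # Drop braces/semicolons and isolate the first ':' so awk sees
    # fixed fields: allow <source> <target> : <class> <perms...>
    sed -e 's/[{};]/ /g' -e 's/:/ : /' |
    awk '$1 == "allow" && $4 == ":" {
        hits = ""
        for (i = 6; i <= NF; i++)
            if ($i ~ /^(write|append|create|unlink|rename|setattr)$/)
                hits = hits (hits ? "," : "") $i
        if (hits) print $3, $5, hits
    }' | sort -u
}

# Offline demonstration on the constructed sample. On a live system:
#   sesearch --allow -s smbd_t | writable_targets
sample_rules | writable_targets
```

Read-only grants such as the constructed `samba_etc_t` rule drop out of the result, leaving only the types the domain could alter if compromised.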