Re: SELinux is preventing pyzor from getattr access on the file /usr/bin/rpm

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 





On 09/03/2015 12:17 PM, Tom Rivers wrote:
On 9/2/2015 17:10, Daniel J Walsh wrote:
Abort must have been executed under the pyzor context.  All SELinux is reporting what the kernel sees.

For the record, I freely admit to not understanding the mechanism by which this happened, so if I am totally off base with what I'm about to suggest I apologize for my ignorance.

Isn't the fact a separate entity like abrt can make itself look like python was to blame for something it did a cause for some concern?  Is it possible some malicious program could use this same masquerade process to assume the identity of some other process and do things SELinux wouldn't normally allow?


Tom

If you can somehow get a confined application to execute a program and SELinux allows the executing of that program in the current context, then it will get the same privileges.

So yes if you can convince a program to do this you are potentially in trouble, but less trouble with SELinux then without.

As far as Abrt is concerned, I think there is some kernel mechanism at work here where applications somehow exec this helper when they crash.

--
selinux mailing list
selinux@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/selinux

--
selinux mailing list
selinux@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/selinux

[Index of Archives]     [Fedora Users]     [Fedora Desktop]     [Big List of Linux Books]     [Yosemite News]     [Yosemite Campsites]     [KDE Users]     [Gnome Users]

  Powered by Linux