Re: lnk_file read permission

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Il 2020-07-30 10:11 Ondrej Mosnacek ha scritto:
There are attacks possible, although possibly not for the threat model
that is interesting for a regular Fedora user. A symlink is
technically still a file with some data in it (representing the path
to the target, but you can basically put an arbitrary string there),
so it could be used as a covert channel to smuggle some data between
domains. In an MLS setting, which is one of the main target use cases
of SELinux, such information leak could be a serious concern.

True, in a full MLS or strict selinux mode, symlink can be used to sneakly pass some unwanted data between domains. But, as you stated, this should be a non-issue for a targeted policy as used by Fedora, CentOS, etc.

So for Fedora it might indeed make sense to add some
"domain_can_read_symlinks" boolean for people who customize things
with symlinks a lot... But there might be other reasons for being
careful with symlinks that you or I haven't thought of :) I'd suggest
asking on the upstream mailing list (selinux@xxxxxxxxxxxxxxx) on
if/why it's a good idea to follow the principle of least privilege
also for symlinks. You are likely to get a more educated answer there.

The boolean "can_read_symlinks" is, indeed, a very good idea. I'll ask on upstream mailing list as you suggested.

I don't understand what is meant here... Do you have a link to the
bugzilla in question?

Sorry, it was not on bugzilla, but on this same list: https://lists.fedoraproject.org/archives/list/selinux@xxxxxxxxxxxxxxxxxxxxxxx/message/J7ZRMNQ5MJNN3NH2EOMZIBNGRXKQ554N/

Thanks.


--
Ondrej Mosnacek
Software Engineer, Platform Security - SELinux kernel
Red Hat, Inc.

--
Danti Gionatan
Supporto Tecnico
Assyoma S.r.l. - www.assyoma.it
email: g.danti@xxxxxxxxxx - info@xxxxxxxxxx
GPG public key ID: FF5F32A8
_______________________________________________
selinux mailing list -- selinux@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to selinux-leave@xxxxxxxxxxxxxxxxxxxxxxx
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/selinux@xxxxxxxxxxxxxxxxxxxxxxx




[Index of Archives]     [Fedora Users]     [Fedora Desktop]     [Big List of Linux Books]     [Yosemite News]     [Yosemite Campsites]     [KDE Users]     [Gnome Users]

  Powered by Linux