From: James Antill <james.antill@redhat.com>
To: Stephen Smalley <sds@tycho.nsa.gov>
Cc: redhat-lspp@redhat.com, Daniel J Walsh <dwalsh@redhat.com>,
"GeorgeC.Wilson" <ltcgcw@us.ibm.com>,
selinux@tycho.nsa.gov
Subject: Re: [redhat-lspp] Re: MLS enforcing PTYs, sshd, and newrole
Date: Wed, 25 Oct 2006 15:15:24 -0400 [thread overview]
Message-ID: <1161803724.29689.57.camel@code.and.org> (raw)
In-Reply-To: <1161784759.3987.295.camel@moss-spartans.epoch.ncsc.mil>
[-- Attachment #1: Type: text/plain, Size: 1533 bytes --]
On Wed, 2006-10-25 at 09:59 -0400, Stephen Smalley wrote:
> On Wed, 2006-10-25 at 09:50 -0400, James Antill wrote:
> > My understanding is that while security_check_context() allows it, the
> > setexeccon() will fail. Which seemed to be good enough.
>
> No, it won't. Suppose that I have two Linux users A and B, with A
> authorized for category c0 and B authorized for category c2 in seusers,
> but both A and B are mapped to SELinux user U who is authorized for all
> categories in the kernel policy. The login-style programs are naturally
> going to be authorized to transition to any of those contexts since they
> have to deal with user logins at any level, so the setexeccon() will
> succeed. The SELinux security context will have U as the user identity,
> so it will always be valid. You need an explicit check.
Ok, I had assumed that "U" would always be different in this case. I
think this update to the patch solves the problem ... it gets the list
of valid roles/levels from get_ordered_context_list() (which I think is
complete, but I'm not 100%) and compares what is entered against that.
I'm not 100% sure this is right (it means there would be huge lists
returned for MCS, no?), but I don't see what else I can call that would
validate the role/level-range for a specific login.
--
James Antill - <james.antill@redhat.com>
setsockopt(fd, IPPROTO_TCP, TCP_CONGESTION, ...);
setsockopt(fd, IPPROTO_TCP, TCP_DEFER_ACCEPT, ...);
setsockopt(fd, SOL_SOCKET, SO_ATTACH_FILTER, ...);
[-- Attachment #2: This is a digitally signed message part --]
[-- Type: application/pgp-signature, Size: 189 bytes --]
next prev parent reply other threads:[~2006-10-25 19:15 UTC|newest]
Thread overview: 61+ messages / expand[flat|nested] mbox.gz Atom feed top
2006-10-12 7:33 MLS enforcing PTYs, sshd, and newrole Klaus Weidner
2006-10-12 10:25 ` Russell Coker
2006-10-12 14:48 ` Klaus Weidner
2006-10-12 15:16 ` Michael C Thompson
2006-10-12 16:54 ` [redhat-lspp] " Casey Schaufler
2006-10-12 15:37 ` Casey Schaufler
2006-10-19 13:21 ` [redhat-lspp] " Daniel J Walsh
2006-10-19 13:30 ` Stephen Smalley
2006-10-19 14:06 ` Daniel J Walsh
2006-10-19 14:32 ` Stephen Smalley
2006-10-21 4:37 ` Casey Schaufler
2006-10-23 16:14 ` James Antill
2006-10-23 16:39 ` Casey Schaufler
2006-10-23 16:45 ` Paul Moore
2006-10-23 18:41 ` Casey Schaufler
2006-10-24 20:37 ` James Antill
2006-10-25 0:19 ` George C. Wilson
2006-10-25 11:48 ` Stephen Smalley
2006-10-25 12:22 ` Stephen Smalley
2006-10-25 13:50 ` James Antill
2006-10-25 13:59 ` Stephen Smalley
2006-10-25 19:15 ` James Antill [this message]
2006-10-25 19:24 ` Stephen Smalley
[not found] ` <1161970810.29689.88.camel@code.and.org>
[not found] ` <1161974293.1306.167.camel@moss-spartans.epoch.ncsc.mil>
2006-10-30 20:03 ` [PATCH 1/3] " James Antill
2006-10-30 20:16 ` [PATCH 2/3] " James Antill
2006-10-30 20:22 ` [PATCH 3/3] " James Antill
2006-10-31 14:23 ` [PATCH 2/3] " Stephen Smalley
2006-10-31 14:24 ` Stephen Smalley
2006-10-31 15:00 ` James Antill
2006-10-31 15:11 ` Stephen Smalley
2006-10-31 16:04 ` James Antill
2006-10-31 16:21 ` Stephen Smalley
2006-10-31 18:33 ` James Antill
2006-11-01 12:36 ` Stephen Smalley
2007-01-04 21:34 ` [redhat-lspp] " Daniel J Walsh
2007-01-04 21:57 ` Linda Knippers
2007-01-04 22:19 ` Daniel J Walsh
2007-01-04 23:19 ` Linda Knippers
2007-01-05 1:07 ` Klaus Weidner
2007-01-05 3:05 ` Joshua Brindle
2007-01-05 3:33 ` Klaus Weidner
2007-01-05 3:35 ` Joshua Brindle
2007-01-05 4:01 ` Klaus Weidner
2007-01-05 15:56 ` Stephen Smalley
2007-01-05 16:23 ` Daniel J Walsh
2007-01-05 16:24 ` Daniel J Walsh
2007-01-05 17:05 ` Daniel J Walsh
2007-01-05 18:34 ` Stephen Smalley
2007-01-05 18:43 ` Stephen Smalley
2007-01-05 15:55 ` Stephen Smalley
2007-01-04 22:13 ` Casey Schaufler
2007-01-04 22:20 ` Daniel J Walsh
2006-10-31 14:20 ` [PATCH 1/3] " Stephen Smalley
2006-10-25 21:36 ` [redhat-lspp] " Stephen Smalley
2006-10-26 14:09 ` Daniel J Walsh
2006-10-19 13:32 ` Steve Grubb
2006-10-19 13:39 ` Stephen Smalley
2006-10-20 7:00 ` Russell Coker
2006-10-27 15:36 ` Valdis.Kletnieks
2006-10-27 23:04 ` Russell Coker
2006-10-31 14:29 ` Stephen Smalley
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1161803724.29689.57.camel@code.and.org \
--to=james.antill@redhat.com \
--cc=dwalsh@redhat.com \
--cc=ltcgcw@us.ibm.com \
--cc=redhat-lspp@redhat.com \
--cc=sds@tycho.nsa.gov \
--cc=selinux@tycho.nsa.gov \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.