From: domg472@gmail.com (Dominick Grift)
To: refpolicy@oss.tresys.com
Subject: [refpolicy] [PATCH/RFC] Add support for the skype_t domain
Date: Thu, 04 Aug 2011 11:34:13 +0200 [thread overview]
Message-ID: <1312450465.2050.21.camel@localhost.localdomain> (raw)
In-Reply-To: <201108041900.39165.russell@coker.com.au>
On Thu, 2011-08-04 at 19:00 +1000, Russell Coker wrote:
> But these aren't the only such files. I'm sure that there are other files
> that may be executable by common programs that run as user_t. Making a
> comprehensive list will be difficult. Also there are lots of local config
> files that don't get fuzz testing because writing to them requires equivalent
> privs to messing with the application directly.
>
In a pretty much perfect confined user environment those are the only
files that come to mind here atleast.
The implementation would rely heavily on name file transition
functionality and/or the presence of restorecond -u running in the
session.
> The assumption all along was that user_home_t was in most ways the most
> privileged of all types for files under the user home directory (with the
> possible exception of gpg_secret_t). Changing this assumption isn't going to
> be easy.
>
Agreed there. For this to work, basically everything in the user
environment needs to be confined. Starting with the layer between the
user and the system (the desktop environment)
Unfortunately it is not going to happen. At least not any time soon.
I can understand that for this reason (currently too much work, too
difficult to maintain) but i do not understand that reference policy
accepts a workaround like the one that is proposed for skype.
Tool little benefit and an endorsement that we should accept workarounds
like these. what if i propose a similar patch for lets say Ekiga (what
about empathy (insert the next gui app here)), are we going to implement
a boolean for its file sharing functionality to? where is it going to
end?
Might as well ignore the GUI environment altogether until we find a
solution that actually deals with integrity issues in a more credible
way.
end of rant.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 198 bytes
Desc: This is a digitally signed message part
Url : http://oss.tresys.com/pipermail/refpolicy/attachments/20110804/7da143d2/attachment.bin
next prev parent reply other threads:[~2011-08-04 9:34 UTC|newest]
Thread overview: 11+ messages / expand[flat|nested] mbox.gz Atom feed top
2011-07-24 15:38 [refpolicy] [PATCH/RFC] Add support for the skype_t domain Sven Vermeulen
2011-07-29 12:59 ` Christopher J. PeBenito
2011-08-03 13:42 ` Sven Vermeulen
2011-08-03 13:56 ` Daniel J Walsh
2011-08-03 17:48 ` Christopher J. PeBenito
2011-08-03 14:04 ` Dominick Grift
2011-08-03 23:04 ` Russell Coker
2011-08-04 8:41 ` Dominick Grift
2011-08-04 9:00 ` Russell Coker
2011-08-04 9:34 ` Dominick Grift [this message]
2011-08-04 14:22 ` Daniel J Walsh
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1312450465.2050.21.camel@localhost.localdomain \
--to=domg472@gmail.com \
--cc=refpolicy@oss.tresys.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.