From: Tom <tom@lemuria.org>
To: SE Linux <selinux@tycho.nsa.gov>
Subject: policy question
Date: Thu, 18 Apr 2002 11:22:38 +0200
Message-ID: <20020418112238.A1788@lemuria.org>
After the 3rd reading, I think I finally "got it" - the policy part,
that is. Objects, Domains, Types, Roles, you name it.
So, I'm now at the "learning by example" stage. I'm looking through the
example policy files, trying to understand what they do. I use that
apol tool to analyse it as well as looking through the raw files.
Now a question: One thing I'd like to write a policy about is a
separated webserver. I *think* it can be done.
Scenario: Webhosting with PHP, multiple users (possibly many)
Danger: PHP runs as a module, i.e. with Apache's user and permissions.
That means it is trivial for every user to access other users' files,
including .php files that may include things like database passwords.
Solution: domain transition to the individual user's domain when reading a
file of that user. Something like
domain_auto_trans(httpd_t, user_webdata_t, user_t)
should do the trick (I say "something like" because this macro expands
to include only execution, but I see no reason why the same can't be
done for file open or read).
The tricky part is that Apache will have to revert BACK to its
original domain once the operation is done, i.e. something like "on
socket close, domain transition to httpd_t". However, the user_t domain
should not have the general ability to make a transition to httpd_t.
Am I making any sense? Or do I need to read the papers again? :)
--
http://web.lemuria.org/pubkey.html
pub 1024D/D88D35A6 2001-11-14 Tom Vogt <tom@lemuria.org>
Key fingerprint = 276B B7BB E4D8 FCCE DB8F F965 310B 811A D88D 35A6
--
You have received this message because you are subscribed to the selinux list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.
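For readers following the macro the message refers to, the following is an added illustration of what a call such as domain_auto_trans(httpd_t, user_webdata_t, user_t) amounts to in raw kernel-policy rules. It is not taken from the original message or from the 2002 example policy (whose exact macro body differs between versions), and the type names user_webdata_t and user_t are used here only as assumptions for illustration.

```selinux
# Added example, not from the original message or the example policy.
# Type names are assumptions for illustration; the exact macro body
# differs between versions of the example policy.

# 1. The source domain may read and execute files of the entrypoint type.
allow httpd_t user_webdata_t:file { getattr read execute };

# 2. The source domain may transition to the target domain ...
allow httpd_t user_t:process transition;

# 3. ... but only through a file the target domain accepts as its entrypoint.
allow user_t user_webdata_t:file entrypoint;

# 4. Make the transition automatic, so no explicit setexeccon() is needed.
type_transition httpd_t user_webdata_t:process user_t;
```

Rules 3 and 4 are what tie the transition to execution: the entrypoint permission and the process-class type_transition are both evaluated by the kernel when a process calls execve() on the file, so a file open or read by itself never changes the domain of the calling process. A practitioner checking a policy like this should also confirm that no allow rule grants user_t the transition permission back to httpd_t, since that is exactly the reverse path the message wants to keep closed.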
Thread overview: 22+ messages
2002-04-18 9:22 Tom [this message]
2002-04-18 10:44 ` policy question Russell Coker
2002-04-18 12:25 ` Tom
2002-04-18 14:51 ` Russell Coker
2002-04-18 15:15 ` Tom
2002-04-18 15:32 ` Stephen Smalley
2002-04-18 16:21 ` Tom
2002-04-18 18:28 ` Russell Coker
2002-04-18 20:40 ` Tom
2002-04-18 21:47 ` Russell Coker
2002-04-19 6:30 ` Tom
2002-04-18 16:08 ` Russell Coker
2002-04-18 16:32 ` Tom
2002-04-18 18:47 ` Russell Coker
2002-04-18 20:49 ` Tom
2002-04-18 21:44 ` Russell Coker
2002-04-19 6:14 ` Tom
2002-04-19 9:10 ` Russell Coker
2002-04-19 12:27 ` Tom
2002-04-19 15:02 ` Stephen Smalley
2002-04-18 15:22 ` Stephen Smalley