Re: Default Policy question?

All of lore.kernel.org
 help / color / mirror / Atom feed

From: Tom <tom@lemuria.org>
To: Russell Coker <russell@coker.com.au>
Cc: SELinux@tycho.nsa.gov
Subject: Re: Default Policy question?
Date: Tue, 3 Jun 2003 08:30:59 +0200	[thread overview]
Message-ID: <20030603083059.A4056@lemuria.org> (raw)
In-Reply-To: <200306030951.59964.russell@coker.com.au>; from russell@coker.com.au on Tue, Jun 03, 2003 at 09:51:59AM +1000

On Tue, Jun 03, 2003 at 09:51:59AM +1000, Russell Coker wrote:
> > * his home directory (environment)
> > * policy and policy tools
> > * kernel and kernel modules
> 
> So who runs debugfs/fdisk/mkfs?

Note that I'm not trying to protect against DESTRUCTION of the system,
but against subversion.

> > Other than that, all other tools are limited by the policy, aren't
> > they? The sysadm_r can replace ls with a trojaned binary, but he can't
> > make it do anything that the normal ls isn't allowed to do.
> 
> When "ls" is run by any userdomain it does not trigger a domain transition.  
> If ls is compromised it's game-over, ls can do lots of interesting things 
> other than list the stats of files if it wants to...

But if I control the policy, I can add an auto_trans rule. bin_exec_t
could auto_trans to sysadm_t so the sysadm gains nothing by trojaning
any binary. :)

I didn't say the default policy is good enough for this. I'm just
trying to figure out whether it's possible at all.

-- 
http://web.lemuria.org/pubkey.html
pub  1024D/2D7A04F5 2002-05-16 Tom Vogt <tom@lemuria.org>
     Key fingerprint = C731 64D1 4BCF 4C20 48A4  29B2 BF01 9FA1 2D7A 04F5

--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.

next prev parent reply	other threads:[~2003-06-03  6:30 UTC|newest]

Thread overview: 10+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2003-06-02 16:04 Default Policy question? Daniel J Walsh
2003-06-02 17:21 ` Stephen Smalley
2003-06-02 21:03   ` Tom
2003-06-02 23:51     ` Russell Coker
2003-06-03  6:30       ` Tom [this message]
2003-06-03 13:31         ` Russell Coker
2003-06-03 12:20     ` Stephen Smalley
2003-06-03 17:20       ` Tom
2003-06-02 18:11 ` Tom
2003-06-02 20:22 ` Frank Mayer

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20030603083059.A4056@lemuria.org \
    --to=tom@lemuria.org \
    --cc=SELinux@tycho.nsa.gov \
    --cc=russell@coker.com.au \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.