From: Bill Laut <wlsel@verizon.net>
To: russell@coker.com.au
Cc: SELinux Mailing List <selinux@tycho.nsa.gov>
Subject: Re: Emacs major mode for policy editing
Date: Sun, 28 Sep 2003 13:25:17 -0400 [thread overview]
Message-ID: <200309281325.17196.wlsel@verizon.net> (raw)
In-Reply-To: <200309281343.23332.russell@coker.com.au>
On Saturday 27 September 2003 11:43 pm, Russell Coker wrote:
> On Sun, 28 Sep 2003 06:24, Bill Laut wrote:
>
> > That's also why I threw in the reference to "extra homework" in my
> > previous post. For example, this could be a good excuse to go through
> > XFree86 and insure that there aren't any unrecognized buffer-overflow
> > vulnerabilities. It would be embarassing to say the least to release
> > SE-X, only to have it contain exploitable BO vulnerabilities--the very
> > thing that SELinux is advertised as protecting against.
>
> Absolutely! However it should be noted that SE Linux has a very expressive
> configuration language which allows detailed control over what is allowed.
> If an administrator desires Back-Orifice access to their network then the
> Security Enhanced X configuration will surely allow them to enable it.
>
This is to clarify the paragraph that you commented upon. When I used the
term "BO" I was abbreviating my earlier usage of "buffer-overflow." I
recognize that BO is the common abbreviation for "Back Orifice, and therefore
I should have used a more discriminating abbreviation. Therefore, in the
future when I abbreviate "Buffer-Overflow" I will use "BuOv."
I agree with what you said about an administrator -overtly- desiring to enable
a Back Orifice; there's no way to prevent it, and in fact it's not our place
to tell them they can't. Given its size and complexity, what I'm pondering
is the potential for as-yet undetected BuOv vulnerabilities in the existing
XFree86 code. Obviously, an appropriate policy will fence in a compromised
Xserver, so long as it wasn't installed SUID. eg, the Request passes policy
enforcement, only to then be dispatched into a module with an unforeseen BuOv
that allows a malicious Xclient to compromise the Xserver (or another Xclient
with a BuOv in Xlib that was installed SUID). That's why I was wondering if
it would be appropriate to inspect XFree86 for boundary checking of all
incoming client messages.
Bill
--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.
next prev parent reply other threads:[~2003-09-28 17:22 UTC|newest]
Thread overview: 9+ messages / expand[flat|nested] mbox.gz Atom feed top
2003-09-25 15:36 Emacs major mode for policy editing Eamon Walsh
2003-09-25 18:38 ` Chris PeBenito
2003-09-26 21:43 ` Bill Laut
[not found] ` <1064614177.5342.7.camel@moss-tarheels.epoch.ncsc.mil>
2003-09-27 2:09 ` Bill Laut
2003-09-27 10:24 ` Russell Coker
2003-09-27 20:24 ` Bill Laut
2003-09-28 3:43 ` Russell Coker
2003-09-28 17:25 ` Bill Laut [this message]
2003-09-29 1:33 ` Bill Laut
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=200309281325.17196.wlsel@verizon.net \
--to=wlsel@verizon.net \
--cc=russell@coker.com.au \
--cc=selinux@tycho.nsa.gov \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.