* Linux setuid bug
@ 2000-12-24 2:09 Jacques Richer
2000-12-24 11:35 ` Tom
0 siblings, 1 reply; 3+ messages in thread
From: Jacques Richer @ 2000-12-24 2:09 UTC (permalink / raw)
To: selinux
It didn't look like they did _anything_ to the code beyond the changes
needed for "flask". I think this was a very clear decision on their
part.
On the other hand, using domains and roles to control process privilege
could potentially make the setuid() bug more of a bother than a major
hole.
(This does _not_ imply that I believe it should not be fixed. It clearly
needs to happen. This is probably the reason behind the push to update
their code for a newer operating system kernel...)
Jacques Richer
You have received this message because you are subscribed to the selinux list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.
* Re: Linux setuid bug
From: Tom @ 2000-12-24 11:35 UTC (permalink / raw)
To: selinux
On Sat, Dec 23, 2000 at 09:09:54PM -0500, Jacques Richer wrote:
> It didn't look like they did _anything_ to the code beyond the changes
> needed for "flask". I think this was a very clear decision on their
> part.
second that. from what I've seen in the patchfiles, the only actual
changes were to implement the domain/role concept. which, I believe, is
a good thing since it means you can much more easily merge these
changes with other security fixes that have happened in the meantime
(or will happen in the near future).
what I'd like to know is whether there's been any code auditing during
the development. did anyone at NSA look for security problems within
the kernel and/or user-space programs they have been working on?
--
-- http://www.lemuria.org
-- http://www.Nexus-Project.net
--
* Re: Linux setuid bug
From: Jacques Richer @ 2000-12-24 14:40 UTC (permalink / raw)
To: selinux
Tom wrote:
> On Sat, Dec 23, 2000 at 09:09:54PM -0500, Jacques Richer wrote:
> > It didn't look like they did _anything_ to the code beyond the changes
> > needed for "flask". I think this was a very clear decision on their
> > part.
>
> second that. from what I've seen in the patchfiles, the only actual
> changes were to implement the domain/role concept. which, I believe, is
> a good thing since it means you can much more easily merge these
> changes with other security fixes that have happened in the meantime
> (or will happen in the near future).
>
> what I'd like to know is whether there's been any code auditing during
> the development. did anyone at NSA look for security problems within
> the kernel and/or user-space programs they have been working on?
>
> --
> -- http://www.lemuria.org
> -- http://www.Nexus-Project.net
> --
The notes on their website indicate that they have _not_ done a comprehensive
audit, and that this was only a patch to address one set of issues.
Jacques Richer