All of lore.kernel.org
 help / color / mirror / Atom feed
From: dwalsh@redhat.com (Daniel J Walsh)
To: refpolicy@oss.tresys.com
Subject: [refpolicy] [PATCH/RFC] Add support for the skype_t domain
Date: Thu, 04 Aug 2011 10:22:07 -0400	[thread overview]
Message-ID: <4E3AAB0F.70405@redhat.com> (raw)
In-Reply-To: <1312450465.2050.21.camel@localhost.localdomain>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 08/04/2011 05:34 AM, Dominick Grift wrote:
> 
> 
> On Thu, 2011-08-04 at 19:00 +1000, Russell Coker wrote:
> 
>> But these aren't the only such files.  I'm sure that there are
>> other files that may be executable by common programs that run as
>> user_t.  Making a comprehensive list will be difficult.  Also there
>> are lots of local config files that don't get fuzz testing because
>> writing to them requires equivalent privs to messing with the
>> application directly.
>> 
> 
> In a pretty much perfect confined user environment those are the
> only files that come to mind here atleast.
> 
> The implementation would rely heavily on name file transition 
> functionality and/or the presence of restorecond -u running in the 
> session.
> 
>> The assumption all along was that user_home_t was in most ways the
>> most privileged of all types for files under the user home
>> directory (with the possible exception of gpg_secret_t).  Changing
>> this assumption isn't going to be easy.
>> 
> 
> Agreed there. For this to work, basically everything in the user 
> environment needs to be confined. Starting with the layer between
> the user and the system (the desktop environment)
> 
> Unfortunately it is not going to happen. At least not any time soon.
> 
> I can understand that for this reason (currently too much work, too 
> difficult to maintain) but i do not understand that reference policy 
> accepts a workaround like the one that is proposed for skype.
> 
> Tool little benefit and an endorsement that we should accept
> workarounds like these. what if i propose a similar patch for lets
> say Ekiga (what about empathy (insert the next gui app here)), are we
> going to implement a boolean for its file sharing functionality to?
> where is it going to end?
> 
> Might as well ignore the GUI environment altogether until we find a 
> solution that actually deals with integrity issues in a more
> credible way.
> 
> end of rant.
> 
> 
> 
> _______________________________________________ refpolicy mailing
> list refpolicy at oss.tresys.com 
> http://oss.tresys.com/mailman/listinfo/refpolicy


Best solution would be to have a helper File Selector app that does the
opening of files from the file manager and then passes the open file
descriptor to the application.  That way you could prevent the random
opening of files in the homedir, while allowing apps to read/write any
passed in file descriptors.

But alas this is not the way it works...
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iEYEARECAAYFAk46qw4ACgkQrlYvE4MpobPVZACgqiwfrOMQMj0nv4rEzc9Xafrh
Oj8AoJreyxS3uu73wchry90kgDX2G0Cv
=B8M1
-----END PGP SIGNATURE-----

      reply	other threads:[~2011-08-04 14:22 UTC|newest]

Thread overview: 11+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2011-07-24 15:38 [refpolicy] [PATCH/RFC] Add support for the skype_t domain Sven Vermeulen
2011-07-29 12:59 ` Christopher J. PeBenito
2011-08-03 13:42   ` Sven Vermeulen
2011-08-03 13:56     ` Daniel J Walsh
2011-08-03 17:48       ` Christopher J. PeBenito
2011-08-03 14:04     ` Dominick Grift
2011-08-03 23:04       ` Russell Coker
2011-08-04  8:41         ` Dominick Grift
2011-08-04  9:00           ` Russell Coker
2011-08-04  9:34             ` Dominick Grift
2011-08-04 14:22               ` Daniel J Walsh [this message]

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=4E3AAB0F.70405@redhat.com \
    --to=dwalsh@redhat.com \
    --cc=refpolicy@oss.tresys.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.