From: "Theodore Ts'o" <tytso@mit.edu>
To: Chris Wright <chrisw@osdl.org>
Cc: akpm@osdl.org, torvalds@osdl.org,
Andreas Gruenbacher <agruen@suse.de>,
Michael Kerrisk <michael.kerrisk@gmx.net>,
Stephen Smalley <sds@epoch.ncsc.mil>,
linux-kernel@vger.kernel.org, linux-security-module@wirex.com
Subject: Re: [PATCH 2/2] Default hooks protecting the XATTR_SECURITY_PREFIX namespace
Date: Sat, 17 Jan 2004 11:41:11 -0500 [thread overview]
Message-ID: <20040117164111.GA1058@thunk.org> (raw)
In-Reply-To: <20040116132004.R19023@osdlab.pdx.osdl.net>
On Fri, Jan 16, 2004 at 01:20:04PM -0800, Chris Wright wrote:
> Add default hooks for both the dummy and capability code to protect the
> XATTR_SECURITY_PREFIX namespace. These EAs were fully accessible to
> unauthorized users, so a user that rebooted from an SELinux kernel to a
> default kernel would leave those critical EAs unprotected.
>
> include/linux/security.h | 6 ++++--
> security/capability.c | 3 +++
> security/commoncap.c | 22 ++++++++++++++++++++++
> security/dummy.c | 9 +++++++++
> 4 files changed, 38 insertions(+), 2 deletions(-)
Everyone realizes the protection is minimal, right? If you boot into
a default kernel, and administrator is careless with the system
configs because SELinux means that "it doesn't matter" if the intruder
cracks root, then all someone has to do is crack root when the system
is mistakenly booted using a default kernel. At that point, running
debugfs or some other tool with direct access to the hard drive is the
least of your problems; the intruder can just simply trojan some
executable (or the kernel for that matter) that will be trusted once
SELinux is booted again, and it's all over....
- Ted
next prev parent reply other threads:[~2004-01-17 18:15 UTC|newest]
Thread overview: 5+ messages / expand[flat|nested] mbox.gz Atom feed top
2004-01-16 21:14 [PATCH 1/2] Move XATTR_SECURITY_PREFIX macro to common location Chris Wright
2004-01-16 21:20 ` [PATCH 2/2] Default hooks protecting the XATTR_SECURITY_PREFIX namespace Chris Wright
2004-01-16 23:37 ` Andreas Gruenbacher
2004-01-17 16:41 ` Theodore Ts'o [this message]
2004-01-19 18:25 ` Chris Wright
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20040117164111.GA1058@thunk.org \
--to=tytso@mit.edu \
--cc=agruen@suse.de \
--cc=akpm@osdl.org \
--cc=chrisw@osdl.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-security-module@wirex.com \
--cc=michael.kerrisk@gmx.net \
--cc=sds@epoch.ncsc.mil \
--cc=torvalds@osdl.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox