Security Enhanced Linux
What's New
Frequently Asked Questions
Background
Documents
License
Download
Participating
Mail List
Archives
Remaining Work
Contributors
Related Work
Press Releases
Information Assurance Research
NIARL In-house Research Areas
Mathematical Sciences Program
Sabbaticals
Computer & Information Sciences Research
Technology Transfer
Advanced Computing
Advanced Mathematics
Communications & Networking
Information Processing
Microelectronics
Other Technologies
Technology Fact Sheets
Publications
Related Links
|
SELinux Mailing ListRe: Question about chsh/chfn/passwd patches
From: Stephen Smalley <sds_at_epoch.ncsc.mil>
Date: 15 Oct 2003 14:41:30 -0400
The problem with simply preserving attributes via setxattr is that you cannot create the new file immediately with the desired attributes, so there is a window where the new file exists with the default attribute value, typically inherited from the parent directory. Note that this is particularly a concern for /etc/passwd and /etc/shadow, since they live in the same parent directory but have differing protection requirements. The SELinux setfscreatecon() interface (implemented via the /proc/pid/attr/fscreate API) allows a process to set the desired security context for subsequent file creations, similar to the umask. You'll notice that many of the SELinux patches use this interface to set the desired context prior to creating the new file, so that files are immediately created with the right context and are protected accordingly. This is one of the reasons we don't just use the EA patch for coreutils and instead have our own. -- Stephen Smalley <sds@epoch.ncsc.mil> National Security Agency -- This message was distributed to subscribers of the selinux mailing list. If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with the words "unsubscribe selinux" without quotes as the message.Received on Wed 15 Oct 2003 - 14:41:44 EDT |
|
Date Posted: Jan 15, 2009 | Last Modified: Jan 15, 2009 | Last Reviewed: Jan 15, 2009 |