Security Enhanced Linux
What's New
Frequently Asked Questions
Background
Documents
License
Download
Participating
Mail List
Archives
Remaining Work
Contributors
Related Work
Press Releases
Information Assurance Research
NIARL In-house Research Areas
Mathematical Sciences Program
Sabbaticals
Computer & Information Sciences Research
Technology Transfer
Advanced Computing
Advanced Mathematics
Communications & Networking
Information Processing
Microelectronics
Other Technologies
Technology Fact Sheets
Publications
Related Links
|
SELinux Mailing ListRe: [RFC PATCH] newrole suid breakdown
From: Michael C Thompson <thompsmc_at_us.ibm.com>
Date: Fri, 06 Oct 2006 16:36:58 -0500
>> Without even trying I've found six setuid-root programs that are included in a >> fairly default install of Fedora and which are never needed by the vast >> majority of users. I doubt that all six are as well audited as newrole. > > Keep in mind that newrole didn't start life as a setuid program, so it > wasn't written specifically from that perspective. It was even fairly > limited wrt SELinux - it couldn't transition you to an arbitrary role > and domain, only one that you were already authorized for in the kernel > policy (vs. su, which can serve as the gateway from any uid to any uid). > The only real power it had was access to the tty/ptys. I have a patch (its really big, so I'll try to break it down into meaningful chunks) that basically restructures newrole in a more maintainable, and paranoid, way. If I can't break it down easily, would you (the reader) be ok with reading a ~1600 line patch? Like I said, I'll try to break it down, but the changes are very wide sweeping, and hopefully a large improvement of what was there. Based on all of the previous discussion wrt checking the capabilities, if this is still desired, I can change the behavior to be:
call_do_priv_action
if !(have_right_capabilities)
That acceptable? (And is it even needed anymore due to new package?) Mike -- This message was distributed to subscribers of the selinux mailing list. If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with the words "unsubscribe selinux" without quotes as the message.Received on Fri 6 Oct 2006 - 17:37:14 EDT |
|
Date Posted: Jan 15, 2009 | Last Modified: Jan 15, 2009 | Last Reviewed: Jan 15, 2009 |