SELinux Mailing List
Re: Adding audit message to newrole
From: Stephen Smalley <sds_at_tycho.nsa.gov>
Date: Wed, 21 Dec 2005 13:09:15 -0500
Yes, but I'm still not sure about the implications. Not all kernel operations compare capability sets, e.g. signals only compare the uids of the relevant tasks. So if you switch to the caller's uid while still possessing all capabilities, you may be opening yourself to manipulation by the caller. ptrace does compare the permitted sets for a subset relationship. Might still be safer to shed everything you can first, and then drop CAP_SETUID last after the setuid.
> Any reason we can't move this up earlier in main()? I would assume before, as you otherwise risk still having uid 0 and capabilities at that point if there is some locale-related exploit. Purging the environment on entry to main() wouldn't hurt either. http://www.dwheeler.com/secure-programs/Secure-Programs-HOWTO/
> I generally prefer to use the stack on small programs. It's less complicated and

No, there is no maximum imposed by SELinux itself. Certain kernel interfaces (/proc/pid/attr, selinuxfs) presently limit them to no more than PAGE_SIZE, but the core SELinux code doesn't bound them. xattrs are only "limited" to 64K. In any event, with the fixed value, you risk truncation of the audit message (especially the new context).

--
Stephen Smalley
National Security Agency

Received on Wed 21 Dec 2005 - 13:02:54 EST
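The truncation risk raised at the end of the message, as an added example that is not code from the newrole patch or from the SELinux project: a fixed-size buffer silently cuts the new context out of the audit string, while measuring with `snprintf(NULL, 0, ...)` and allocating keeps it whole. The message format, the 64-byte size and both contexts are assumptions constructed for the illustration.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
/* Assumed message layout and constructed contexts; not taken from the patch. */
#define AUDIT_FMT "newrole: old-context=%s new-context=%s"
#define FIXED_LEN 64   /* hypothetical fixed stack buffer size */
static const char OLD_CTX[] = "user_u:user_r:user_t:s0";
static const char NEW_CTX[] = "staff_u:sysadm_r:sysadm_t:s0-s15:c0.c1023";

/* Fixed buffer: returns 1 if snprintf had to truncate, 0 if it fit, -1 on error. */
static int format_fixed(char *buf, size_t len, const char *o, const char *n)
{
    int need = snprintf(buf, len, AUDIT_FMT, o, n);
    return need < 0 ? -1 : (size_t)need >= len;
}

/* Dynamic buffer: measure first, then allocate exactly; caller frees. */
static char *format_dynamic(const char *o, const char *n)
{
    int need = snprintf(NULL, 0, AUDIT_FMT, o, n);
    char *msg = need < 0 ? NULL : malloc((size_t)need + 1);
    if (msg != NULL && snprintf(msg, (size_t)need + 1, AUDIT_FMT, o, n) != need) {
        free(msg);
        msg = NULL;
    }
    return msg;
}

/* 1 when the fixed buffer truncated and the new context is no longer intact. */
static int fixed_loses_new_context(void)
{
    char buf[FIXED_LEN];
    return format_fixed(buf, sizeof(buf), OLD_CTX, NEW_CTX) == 1 && strstr(buf, NEW_CTX) == NULL;
}

/* 1 when the dynamically sized message contains the complete new context. */
static int dynamic_keeps_new_context(void)
{
    char *msg = format_dynamic(OLD_CTX, NEW_CTX);
    int ok = msg != NULL && strstr(msg, NEW_CTX) != NULL;
    free(msg);
    return ok;
}

int main(void)
{
    printf("fixed loses: %d, dynamic keeps: %d\n", fixed_loses_new_context(), dynamic_keeps_new_context());
    return 0;
}
```

Checking the `snprintf` return value against the buffer length is what turns a silent truncation into a detectable condition, whichever allocation strategy is used.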
Date Posted: Jan 15, 2009 | Last Modified: Jan 15, 2009 | Last Reviewed: Jan 15, 2009 |