On Fri, Jan 16, 2004 at 01:20:04PM -0800, Chris Wright wrote: > Add default hooks for both the dummy and capability code to protect the > XATTR_SECURITY_PREFIX namespace. These EAs were fully accessible to > unauthorized users, so a user that rebooted from an SELinux kernel to a > default kernel would leave those critical EAs unprotected. > > include/linux/security.h | 6 ++++-- > security/capability.c | 3 +++ > security/commoncap.c | 22 ++++++++++++++++++++++ > security/dummy.c | 9 +++++++++ > 4 files changed, 38 insertions(+), 2 deletions(-) Everyone realizes the protection is minimal, right? If you boot into a default kernel, and administrator is careless with the system configs because SELinux means that "it doesn't matter" if the intruder cracks root, then all someone has to do is crack root when the system is mistakenly booted using a default kernel. At that point, running debugfs or some other tool with direct access to the hard drive is the least of your problems; the intruder can just simply trojan some executable (or the kernel for that matter) that will be trusted once SELinux is booted again, and it's all over.... - Ted
This archive was generated by hypermail 2b30 : Sat Jan 17 2004 - 10:16:48 PST