Re: [PATCH 2/2] Default hooks protecting the XATTR_SECURITY_PREFIX namespace

From: Theodore Ts'o (tytso@private)
Date: Sat Jan 17 2004 - 08:41:11 PST

  • Next message: Chris Wright: "Re: [PATCH 2/2] Default hooks protecting the XATTR_SECURITY_PREFIX namespace"

    On Fri, Jan 16, 2004 at 01:20:04PM -0800, Chris Wright wrote:
    > Add default hooks for both the dummy and capability code to protect the
    > XATTR_SECURITY_PREFIX namespace.  These EAs were fully accessible to
    > unauthorized users, so a user that rebooted from an SELinux kernel to a
    > default kernel would leave those critical EAs unprotected.
    >  include/linux/security.h |    6 ++++--
    >  security/capability.c    |    3 +++
    >  security/commoncap.c     |   22 ++++++++++++++++++++++
    >  security/dummy.c         |    9 +++++++++
    >  4 files changed, 38 insertions(+), 2 deletions(-)
    Everyone realizes the protection is minimal, right?  If you boot into
    a default kernel, and administrator is careless with the system
    configs because SELinux means that "it doesn't matter" if the intruder
    cracks root, then all someone has to do is crack root when the system
    is mistakenly booted using a default kernel.  At that point, running
    debugfs or some other tool with direct access to the hard drive is the
    least of your problems; the intruder can just simply trojan some
    executable (or the kernel for that matter) that will be trusted once
    SELinux is booted again, and it's all over....
    						- Ted

    This archive was generated by hypermail 2b30 : Sat Jan 17 2004 - 10:16:48 PST