On Wed, 2004-10-27 at 13:48 -0400, Valdis.Kletnieks@private wrote:
> (It's basically Solar Designer's "Don't follow a symlink out of a o+w directory"
> patch. security_safe_symlink is a sysctl boolean).
>
> How do you express that as an SELinux policy?

You wouldn't express "don't follow symlink out of o+w directory" directly in SELinux, because it's not really a security goal. It's a means of implementing a security goal (in this case, preventing a program from following a potentially untrusted symlink).

You can quite easily express "don't allow program to follow untrusted symlink" in SELinux by simply not granting it { read } permission for <target>:lnk_file.

By the way, I'm pretty sure your LSM is insufficient in the presence of ACLs.
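
An added example, not part of the original message: a policy-module fragment for the approach described in the reply above, where the decision depends on the symlink's label rather than on the mode of the directory holding it. The module name and the types myapp_t and myapp_conf_t are hypothetical, and tmp_t is assumed to be the label carried by files created in the world-writable temporary directory.

```selinux
# Constructed example; myapp, myapp_t and myapp_conf_t are hypothetical names.
module myapp 1.0;

require {
	type tmp_t;                          # assumed label of entries in /tmp
	class lnk_file { read getattr };
	class dir { search getattr };
}

type myapp_t;          # domain the program runs in
type myapp_conf_t;     # label for links the administrator installs

# The program may look inside both directories.
allow myapp_t myapp_conf_t:dir { search getattr };
allow myapp_t tmp_t:dir { search getattr };

# Trusted links: read on lnk_file is what lets the domain follow the link.
allow myapp_t myapp_conf_t:lnk_file { read getattr };

# Untrusted links: there is deliberately no allow rule for tmp_t:lnk_file,
# so following a symlink labeled tmp_t is denied and audited as an AVC denial.
# getattr alone lets the program lstat() the link without following it.
allow myapp_t tmp_t:lnk_file getattr;

# Build-time assertion: the policy fails to compile if a later rule
# grants the permission that was left out above.
neverallow myapp_t tmp_t:lnk_file read;
```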