On Wed, 2004-10-27 at 17:26 -0400, Valdis.Kletnieks@private wrote:
> On Wed, 27 Oct 2004 17:13:53 EDT, Colin Walters said:
>
> > > No - that's a different attack than I'm worried about. I'm looking at
> > > the case of being redirected to stomp on my *own* files that I have the
> > > privs to. You run gcc, gcc creates a tempfile in /tmp, that accidentally
> > > follows a symlink, and your ~/.foo file gets clobbered (yes, they fixed *that*
> > > bug in gcc a while ago).
> >
> > Who created the symlink in this attack?
>
> The attacker (usually running as 'generic user')

The attacker's uid is irrelevant to SELinux. For example:

http://www.kb.cert.org/vuls/id/35842

Here the makewhatis script will run as the system_crond_t, which doesn't have permission to read e.g. user_tmp_t, according to apol. Thus an exploit is prevented.

And here, sudo doesn't (AFAICS) run in a separate domain with SELinux, and thus no extra privileges can be gained by an attacker.

http://www.kb.cert.org/vuls/id/424358

This one is the same as makewhatis, assuming you run tripwire from cron:

http://www.kb.cert.org/vuls/id/349019

etc.

As far as I can see, all of these attacks would be stopped by the example SELinux policy.
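To make the point concrete, here is an added toy model (not code from the thread, the kernel or any real policy) of the two checks a cron-run makewhatis passes through when it opens a planted /tmp symlink: the DAC uid check, which root passes, and the type-enforcement check, which denies because system_crond_t has no allow rule for user_tmp_t. The type names come from the message above; the allow rules, paths and uids are constructed for the example.

```python
from collections import namedtuple
# uid: DAC owner; domain/setype: SELinux labels; sclass: "file" or "lnk_file"
Process = namedtuple("Process", "uid domain")
Inode = namedtuple("Inode", "uid mode setype sclass target", defaults=("",))

# Constructed allow rules for a toy policy (not copied from any real policy):
# (source domain, target type, object class) -> permitted operations
ALLOW = {
    ("system_crond_t", "crond_tmp_t", "file"):     {"create", "read", "write"},
    ("system_crond_t", "crond_tmp_t", "lnk_file"): {"read"},
    ("user_t", "user_tmp_t", "file"):              {"create", "read", "write"},
    ("user_t", "user_tmp_t", "lnk_file"):          {"read"},
    ("user_t", "user_home_t", "file"):             {"read", "write"},
}

def dac_allows(proc, inode, want_write):
    """Classic uid/mode check; root bypasses it entirely."""
    if proc.uid == 0:
        return True
    bit = 0o2 if want_write else 0o4
    shift = 6 if proc.uid == inode.uid else 0   # owner bits vs. "other" bits
    return bool(inode.mode & (bit << shift))

def te_allows(proc, inode, perm):
    """Type enforcement: only the (domain, type, class) triple matters, not the uid."""
    return perm in ALLOW.get((proc.domain, inode.setype, inode.sclass), set())

def open_path(fs, proc, path, want_write):
    """Resolve symlinks, then apply DAC and TE; return (decision, detail)."""
    inode = fs[path]
    while inode.sclass == "lnk_file":
        # following a link needs lnk_file:read on the link's own type
        if not te_allows(proc, inode, "read"):
            return "denied", f"{proc.domain} lacks lnk_file:read on {inode.setype}"
        path, inode = inode.target, fs[inode.target]
    perm = "write" if want_write else "read"
    if not dac_allows(proc, inode, want_write):
        return "denied", "DAC"
    if not te_allows(proc, inode, perm):
        return "denied", f"{proc.domain} lacks file:{perm} on {inode.setype}"
    return "allowed", path

# Constructed scenario: uid 1000 planted /tmp/whatis.tmp -> another user's dotfile; makewhatis runs from cron as root
FS = {
    "/tmp/whatis.tmp": Inode(1000, 0o777, "user_tmp_t", "lnk_file", "/home/victim/.bashrc"),
    "/home/victim/.bashrc": Inode(1001, 0o644, "user_home_t", "file"),
    "/tmp/whatis.work": Inode(0, 0o600, "crond_tmp_t", "file"),
}
CRON_MAKEWHATIS = Process(uid=0, domain="system_crond_t")
```

Calling open_path(FS, CRON_MAKEWHATIS, "/tmp/whatis.tmp", True) returns the TE denial even though dac_allows() would pass root. The same call for a Process in user_t with the victim's own uid is allowed, which is the same-user case the quoted text is worried about and which domain separation alone does not address.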
This archive was generated by hypermail 2.1.3 : Wed Oct 27 2004 - 14:40:58 PDT