Re: [RFC] [PATCH] Replace security fields with hashtable

From: Thomas Bleher (bleher@private-muenchen.de)
Date: Mon Nov 01 2004 - 01:46:42 PST


[ CC-List trimmed a little ]

* Colin Walters <walters@private> [2004-10-29 16:46]:
> On Wed, 2004-10-27 at 23:23:22 -0100, Thomas Bleher wrote:
[ preventing symlink exploits between users in the same role ] 
> 
> One idea occurred to me: Could you express this as a constraint based on
> the SELinux user identity (rather than the uid, which is untrustworthy).
> 
> Something like this:
> 
> constrain lnk_file read ( t2 != tmpfile or u1 == u2 );

So far this looks all pretty fine to me. I can think of one problem 
though: When a daemon is started on system boot it will run with user
identity system_u. However, if it is later restarted and
direct_sysadm_daemon is in effect, it will run in another user
identity which is authorized for system_r, most probably root.

So, does anyone know of any daemon which puts symlinks under /tmp and
expects to read them after a restart?

Thomas

-- 
http://www.cip.ifi.lmu.de/~bleher/selinux/ - my SELinux pages
GPG-Fingerprint: BC4F BB16 30D6 F253 E3EA  D09E C562 2BAE B2F4 ABE7
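
Added example, not part of the original message or of any SELinux code: a small Python model of the quoted constraint, evaluated for the cross-user case and for the daemon restart case raised in the reply. The contexts, the users alice and bob, the domain exampled_t and the types listed under the tmpfile attribute are constructed assumptions; the model checks only the constraint, not the type-enforcement allow rules that must also permit the read.

```python
# Added model of the proposed constraint; not SELinux policy or kernel code.
from collections import namedtuple

Context = namedtuple("Context", "user role type")

# Assumption: hypothetical types that carry the `tmpfile` attribute.
TMPFILE_ATTR = {"tmp_t", "user_tmp_t", "exampled_tmp_t"}


def parse(ctx):
    """Split 'user:role:type' into its three fields."""
    user, role, type_ = ctx.split(":")[:3]
    return Context(user, role, type_)


def create_symlink(creator_ctx, file_type):
    """A new file object takes the user identity of the creating process."""
    return f"{parse(creator_ctx).user}:object_r:{file_type}"


def lnk_read_allowed(source_ctx, target_ctx):
    """constrain lnk_file read ( t2 != tmpfile or u1 == u2 );"""
    s, t = parse(source_ctx), parse(target_ctx)
    return t.type not in TMPFILE_ATTR or s.user == t.user


def scenarios():
    # Constructed contexts; exampled_t is a hypothetical daemon domain.
    boot = "system_u:system_r:exampled_t"
    restarted = "root:system_r:exampled_t"  # direct_sysadm_daemon in effect
    alice = "alice:user_r:user_t"
    bob = "bob:user_r:user_t"

    boot_link = create_symlink(boot, "exampled_tmp_t")
    bob_link = create_symlink(bob, "user_tmp_t")
    return {
        "same role, other user's /tmp symlink": lnk_read_allowed(alice, bob_link),
        "own /tmp symlink": lnk_read_allowed(bob, bob_link),
        "daemon before restart": lnk_read_allowed(boot, boot_link),
        "daemon after restart as root": lnk_read_allowed(restarted, boot_link),
        "symlink outside tmpfile": lnk_read_allowed(alice, "bob:object_r:user_home_t"),
    }


if __name__ == "__main__":
    for name, allowed in scenarios().items():
        print(f"{name}: {'allowed' if allowed else 'denied'}")
```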


