On 09/07/2015 01:44 PM, Daniel J Walsh wrote:
On 09/03/2015 12:29 PM, Tom Rivers wrote:
> On 9/2/2015 17:25, Jason L Tibbitts III wrote:
>> TR> If that is the case, then my question is this: why is SELinux
>> TR> blaming pyzor for something abrt is doing?
>>
>> Because it all happens in the context of the script. abrt basically
>> hooks into the backtrace generation logic and runs some extra code.
>> This doesn't happen in a separate process.
>
> It's the whole "abrt basically hooks into the backtrace generation
> logic" thing that I find particularly interesting. Your explanation
> makes it sound as if a separate program is able to gain access to an
> existing process and hide its true identity. I must be
> misunderstanding the nuts and bolts of this because malware does the
> exact same thing.
>
> It makes sense to me that if a running process invokes an external
> program then that request will be under the context of the running
> process because it is what is making the request. However, a program
> that has the ability to take on the guise of some other process and
> make a request under a context that is not its own means it can hide.
> I don't see how that is a good thing especially with respect to
> programs like SELinux who must be able to clearly identify who is
> doing what in order to perform its role effectively.
>
>
> Tom
> --
> selinux mailing list
> selinux(a)lists.fedoraproject.org
>
> https://admin.fedoraproject.org/mailman/listinfo/selinux
SELinux will not prevent a process with the proper rights from
taking over another policy. unconfined_t or kernel_t are both allowed
to do pretty much anything they want from an SELinux point of view. A
confined process would obviously be blocked from doing this.

I believe there are fixes in the latest Fedoras (F23/Rawhide). I would open
a new bug and discuss it also with ABRT folks.
Thank you.
--
Miroslav Grepl
Senior Software Engineer, SELinux Solutions
Red Hat, Inc.
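
The in-process behaviour discussed in this thread, as an added example that is not part of the thread and is not ABRT's code: a stand-in `sys.excepthook` handler (`crash_hook`, a hypothetical name) is installed in a child interpreter, and both the script and the hook report their PID and SELinux label. It assumes a Linux host; on systems without SELinux the label is reported as `None` or as whatever `/proc/self/attr/current` returns.

```python
import json
import os
import subprocess
import sys
import tempfile

# Constructed child script: a stand-in hook is installed, then the "application" crashes.
CHILD = r'''
import json, os, sys

def label():
    # Security context of this process; unreadable on hosts without an LSM label
    try:
        with open("/proc/self/attr/current") as f:
            return f.read().strip("\x00\n")
    except OSError:
        return None

def crash_hook(exc_type, exc, tb):
    # Stand-in for a crash reporter's hook: runs inside the crashing interpreter
    with open(sys.argv[1], "w") as out:
        json.dump({"hook_pid": os.getpid(), "hook_label": label(),
                   "exception": exc_type.__name__}, out)

sys.excepthook = crash_hook
print(json.dumps({"script_pid": os.getpid(), "script_label": label()}), flush=True)
raise RuntimeError("constructed crash")
'''

def run_demo():
    """Run the child and return what the script and the hook each observed."""
    with tempfile.TemporaryDirectory() as d:
        report = os.path.join(d, "report.json")
        proc = subprocess.run([sys.executable, "-c", CHILD, report],
                              capture_output=True, text=True)
        script = json.loads(proc.stdout.splitlines()[0])
        with open(report) as f:
            hook = json.load(f)
    return {**script, **hook, "child_exit": proc.returncode}

if __name__ == "__main__":
    print(json.dumps(run_demo(), indent=2))
```

The hook's file write is performed by the same PID under the same label as the script, which is why an AVC denial triggered by such a hook names the script's domain.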