On 09/03/2015 12:17 PM, Tom Rivers wrote:
> On 9/2/2015 17:10, Daniel J Walsh wrote:
>> Abrt must have been executed under the pyzor context.  All SELinux is reporting is what the kernel sees.
>
> For the record, I freely admit to not understanding the mechanism by which this happened, so if I am totally off base with what I'm about to suggest I apologize for my ignorance.
>
> Isn't the fact a separate entity like abrt can make itself look like python was to blame for something it did a cause for some concern?  Is it possible some malicious program could use this same masquerade process to assume the identity of some other process and do things SELinux wouldn't normally allow?
>
> Tom

If you can somehow get a confined application to execute a program and SELinux allows the executing of that program in the current context, then it will get the same privileges.

So yes, if you can convince a program to do this you are potentially in trouble, but less trouble with SELinux than without.

As far as Abrt is concerned, I think there is some kernel mechanism at work here where applications somehow exec this helper when they crash.

--
selinux mailing list
selinux@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/selinux
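
Added example, not part of the original thread: a small audit helper that reads `sesearch`-style rules and reports, for one confined domain, which executables would run in the caller's own context (the case described in the reply above) and which would move to another domain. The policy excerpt and every type name in it are constructed for illustration, and the `entrypoint` check a real transition also needs is left out.

```python
import re
from collections import defaultdict

# Constructed policy excerpt; the type names are illustrative assumptions,
# not taken from the thread or from any shipped policy.
SAMPLE_POLICY = """
allow pyzor_t bin_t:file { read getattr open execute execute_no_trans };
allow pyzor_t helper_exec_t:file { read getattr open execute };
allow pyzor_t helper_t:process transition;
type_transition pyzor_t helper_exec_t:process helper_t;
allow pyzor_t lib_t:file { read getattr open execute };
allow pyzor_t shadow_t:file getattr;
"""

ALLOW = re.compile(r"allow (\w+) (\w+):(\w+) (?:\{ ([^}]*) \}|(\w+));")
TRANS = re.compile(r"type_transition (\w+) (\w+):process (\w+);")

def exec_outcomes(policy, domain):
    """Map each file type `domain` may try to exec to the resulting domain.

    The value is the caller's own domain when the program inherits its
    privileges, another domain on a transition, or None when exec is denied.
    """
    perms = defaultdict(set)   # (target type, class) -> granted permissions
    trans = {}                 # executable type -> default new domain
    for line in map(str.strip, policy.splitlines()):
        if m := ALLOW.fullmatch(line):
            src, tgt, cls, many, one = m.groups()
            if src == domain:
                perms[(tgt, cls)].update((many or one).split())
        elif m := TRANS.fullmatch(line):
            src, exe, new = m.groups()
            if src == domain:
                trans[exe] = new
    result = {}
    for (tgt, cls), granted in perms.items():
        if cls != "file" or "execute" not in granted:
            continue
        new = trans.get(tgt)
        if new:   # a default transition exists: it must be permitted or exec fails
            allowed = "transition" in perms.get((new, "process"), ())
            result[tgt] = new if allowed else None
        else:     # no transition: the program stays in the caller's domain
            result[tgt] = domain if "execute_no_trans" in granted else None
    return result

if __name__ == "__main__":
    for exe, ctx in exec_outcomes(SAMPLE_POLICY, "pyzor_t").items():
        print(f"{exe:15} -> {ctx or 'exec denied'}")
```

Entries that map back to the audited domain are the ones to review: anything of that file type runs with the confined application's full set of permissions.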