On Thu, 2004-04-15 at 08:18, Gene Czarcinski wrote:
What make -C /etc/security/selinux/src/policy/ relabel appears to do
is to go
through the all mounted filesystems and set the attributes depending on the
rules it has. The question is, does it follow symbolic links or not. If it
does not, then there should not be a problem as long as all of the policy
rules always use the actual (non-symbolic-link) path AND make sure we do also
if we do something manually.
setfiles does not follow symlinks during the traversal (FTW_PHYS). It
also attempts to detect multiple hard links to the same file and issue
warnings if they would yield different security contexts.
However, I can see a problem occurring if it does follow symbolic
because the process likely occurs in sorted order. Now /tmp is clears (or so
it says and, I hope, that means /var/tmp/ also), so I should not be able to
rename /usr/X11R6/bin/Xorg. However, what if I had a symbolic link from my
home directory to something in /etc. Would that get mislabeled?
setfiles doesn't follow symlinks during the traversal, but there is a
legitimate concern about malicious symlinks created during the traversal
after descent. At present, this is mitigated by policy - setfiles is
not allowed to follow untrustworthy symlinks.
Stephen Smalley <sds(a)epoch.ncsc.mil>
National Security Agency