On Sun, 19 Jul 2009, Dominick Grift wrote:
> From what I heard there were two bugs, one in pulseaudio and one
> in the kernel.
> When operating in an unconfined domain one (obviously) could exploit the kernel
> without using pulseaudio. To me this makes perfect sense, as in my view unconfined_t
> is a domain for the SELinux exempt. SELinux is built into the kernel and so in a
> SELinux environment the kernel will always be a vulnerable spot.

Yes, although SELinux should not reduce the security of the system vs. the
default. This is the core issue from the SELinux POV.

> In my environments this exploit did not work.

The exploit depends on having non-default permissions on /dev/net/tun, or
running as root, which was not made clear in the video or code. It seems
that udev on at least F9 changes the permissions on the device, so beware.
It's still a bug for SELinux, though, because it is designed to protect
against DAC weaknesses.

> What this issue does show, and I think jmorris touched on this, is that,
> and I have said this many times: writing policy is one thing, but
> maintaining policy is another. Policy needs to be reviewed once in a
> while.

Well, I think the underlying problem is that it should not be possible for
a policy writer to make the system less secure. It needs to be more
robust, so that policy errors at least default to the standard DAC level
of protection.
- James
--
James Morris
<jmorris(a)namei.org>