Magic paths for service registration
fweimer at redhat.com
Mon Jun 10 08:10:17 UTC 2013
I'm investigating things beyond SUID/SGID which are related to trust
transitions and visible in the file system, mainly due to the use of
magic paths. I'm aiming for a fairly general concept of "trust
transition", and I include altering browser actions when clicking on a
hyperlink as far as they are influenced by file type registrations.
Here's what I came up with so far. I only include things that can
somehow be hooked by packages, which rules out files such as
/etc/inittdb and user crontabs.
D-Bus and polkit:
Launching daemons or other background processes:
/usr/lib/systemd/system plus other paths listed in systemd.unit(5).
*.desktop and *.protocol file registries:
(Or in general, *.desktop files with with an Exec= line.)
I'm not sure if anything related to shared-mime-info should appear in
this list. As far as I can tell, the MIME types by themselves are harmless.
On top of that, there are other things code can do to expose itself
across trust boundaries (networking, creation of temporary files, etc.),
but detecting that requires different approaches.
The overall idea here is to identify parts of Fedora which would benefit
most from a closer look, without actually looking at all Fedora packages
Florian Weimer / Red Hat Product Security Team
More information about the devel