Needs to prevent executing su.
Thomas Bleher
bleher at informatik.uni-muenchen.de
Fri Jun 11 18:59:24 UTC 2004
* Thomas Bleher <bleher at informatik.uni-muenchen.de> [2004-06-11 16:32]:
> You should note that every uid==0 process can change its uid to anything
> else, SELinux doesn't restrict this at all.
> You can test this as root and user_r with the following perl command:
> $ perl -MPOSIX -e 'POSIX::setuid(1000);system("id");'
I thought about this a bit more and think that my previous posting was
incorrect. (I'm not sure and can't test ATM, so it would be nice if
someone could correct me if I'm wrong).
Setting the uid in a program should be covered by the setuid capability,
so this is controllable by SELinux policy. What is not covered (IIRC)
are setuid executables.
Thomas
--
http://www.cip.ifi.lmu.de/~bleher/selinux/ - my SELinux pages
GPG-Fingerprint: BC4F BB16 30D6 F253 E3EA D09E C562 2BAE B2F4 ABE7
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: Digital signature
Url : http://lists.fedoraproject.org/pipermail/selinux/attachments/20040611/c7218f54/attachment.bin
More information about the selinux
mailing list