Proof is in the pudding

yersinia yersinia.spiros at gmail.com
Fri May 17 05:16:37 UTC 2013


All the above was already discussed in the relevant bugzilla entry,
and some part of the discussion was written by myself also. And iirc
something similar already happened some years ago. Not a selinux, or
apparmor, problem however.

Best

2013/5/17, Tristan Santore <tristan.santore at internexusconnect.net>:
> On 17/05/13 02:32, Trevor Hemsley wrote:
>> On 17/05/13 01:03, Douglas Brown wrote:
>>> Hi all,
>>>
>>> You may have seen this vulnerability talked about
>>> recently:
>>> http://arstechnica.com/security/2013/05/critical-linux-vulnerability-imperils-users-even-after-silent-fix/
>>>
>>> After a long time of evangelising about SELinux to my sceptical
>>> colleagues, this seemed like the perfect opportunity to test it.
>>>
>>> We tried the exploit with SELinux in permissive mode and it worked then
>>> in enforcing and SELinux prevented it! Not that I'm surprised, but it's
>>> nice to have a real-world exploit to demonstrate.
>>
>> Unfortunately, whatever you tested was not this.
>>
>> $ ls -la sem*
>> -rwxrwxr-x. 1 trevor trevor 10007 May 14 13:39 semtex
>> -rw-rw-r--. 1 trevor trevor  2488 May 14 13:39 semtex.c
>> $ getenforce
>> Enforcing
>> $ uname -a
>> Linux hostname 2.6.32-358.6.1.el6.x86_64 #1 SMP Tue Apr 23 19:29:00 UTC
>> 2013 x86_64 x86_64 x86_64 GNU/Linux
>> $ ./semtex
>> 2.6.37-3.x x86_64
>> sd at fucksheep.org 2010
>> -sh-4.1#
>>
>> Sorry.
>>
>> Trevor
>> --
>> selinux mailing list
>> selinux at lists.fedoraproject.org
>> https://admin.fedoraproject.org/mailman/listinfo/selinux
>>
> Trevor,
> Are you running targeted policy? If so, the normal users are
> unconfined_u, that is unconfined_u:object_r:user_home_t:s0.
>
> If you make the user confined, you get something like this, for example:
> 2.6.37-3.x x86_64
> sd at fucksheep.org 2010
> -sh: /home/$USER/.profile: Permission denied
> -sh-4.1# ^C
> -sh-4.1# kill -9 19457
> -sh: kill: (19457) - Operation not permitted
> -sh-4.1# init 6
> -sh: init: command not found
> -sh-4.1# su
> -sh: su: command not found
>
> But as I said, you could modify the exploit to turn off selinux.
>
> So, SElinux kind of mitigates the attack, but it is not a fix, just an
> obstacle.
>
> SElinux can never really be a system to implement a 100% secure system,
> like many other technologies that do the same.
> The golden rule is: There is no 100% secure system.
>
> However, I think we should all be grateful, that linux has various
> mitigation technologies available to it.
>
> Regards,
> Tristan
>
> --
> Tristan Santore BSc MBCS
> TS4523-RIPE
> Network and Infrastructure Operations
> InterNexusConnect
> Mobile +44-78-55069812
> Tristan.Santore at internexusconnect.net
>
> Former Thawte Notary
> (Please note: Thawte has closed its WoT programme down,
> and I am therefore no longer able to accredit trust)
>
> For Fedora related issues, please email me at:
> TSantore at fedoraproject.org

-- 
Sent from my mobile device
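
Added example, not part of any message in this thread: a check for the point quoted above that under targeted policy ordinary logins map to unconfined_u. It resolves a login's SELinux user from a `semanage login -l` style table (explicit login, then %group, then `__default__`); the table, logins and function names are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample in the layout printed by `semanage login -l`.
sample_mappings() {
cat <<'EOF'

Login Name           SELinux User         MLS/MCS Range        Service

__default__          unconfined_u         s0-s0:c0.c1023       *
root                 unconfined_u         s0-s0:c0.c1023       *
system_u             system_u             s0-s0:c0.c1023       *
alice                user_u               s0                   *
%staff               staff_u              s0-s0:c0.c1023       *
EOF
}

# selinux_user_for LOGIN [GROUP...]
# Reads a mapping table on stdin and prints the SELinux user for LOGIN.
# Lookup order: explicit login entry, then a %group entry, then __default__.
selinux_user_for() {
    login=$1; shift
    groups=" $* "
    awk -v login="$login" -v groups="$groups" '
        NF < 2 { next }                            # blank lines
        $1 == "Login" && $2 == "Name" { next }     # header row
        $1 == login { exact = $2 }
        substr($1, 1, 1) == "%" && grp == "" &&
            index(groups, " " substr($1, 2) " ") { grp = $2 }
        $1 == "__default__" { def = $2 }
        END {
            if (exact != "")    print exact
            else if (grp != "") print grp
            else                print def
        }'
}

# unconfined_logins TABLE LOGIN...
# Prints each LOGIN that resolves to unconfined_u (group lookups omitted here).
unconfined_logins() {
    table=$1; shift
    for u in "$@"; do
        mapped=$(printf '%s\n' "$table" | selinux_user_for "$u")
        [ "$mapped" = "unconfined_u" ] && printf '%s\n' "$u"
    done
    return 0
}

# On a real host, replace sample_mappings with: semanage login -l (as root).
unconfined_logins "$(sample_mappings)" root alice bob
```

A login reported here runs in the unconfined domain, so the confined-user behaviour shown in the quoted session would not apply to it.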
