SELinux - a call for end-of-life.
James Mckenzie
jjmckenzie51 at earthlink.net
Thu Sep 2 14:15:55 UTC 2010
Ed Greshko <Ed.Greshko at greshko.com> wrote:
>Sent: Sep 2, 2010 6:58 AM
>To: Community support for Fedora users <users at lists.fedoraproject.org>
>Subject: Re: SELinux - a call for end-of-life.
>
> On 09/02/2010 08:41 PM, Tim wrote:
>> Ed Greshko:
>>>>> Are you saying that you think it is a good idea to be allowed to chown
>>>>> of a file under your UID to another's UID as a normal user?
>> Tim:
>>>> You've never downloaded a file as one user, that another user wanted, or
>>>> another of your own logins needed, and then had to move it from one to
>>>> the other?
>> Ed Greshko:
>>> That wasn't my question....
>> Well it was the situation I was originally talking about. Are you
>> saying that nobody should be allowed to do that?
>>
>I am saying that it would be fraught with danger. You'd need to control
>who and under what circumstances a given user would be allowed to disown
>a file and transfer ownership to another. I can see it being abused
>(intentionally or unintentionally...due to mis-configuration or whatnot)
>where an executable is "given" to a "target" and bad things could
>result. I just see that too much thought would be needed to put this
>into practice.
>
>In real life, I don't think it is as easy or straight forward as imagined.
>
And it should not be.
However, this portion of the thread is the first case where I could actually state that this could be a MAJOR security hazard. Let's expand this:
1. An account with a weak password gets compromised.
2. This account has a file added (either FTP/SFTP upload or a malicious script is written).
3. The ownership of this file is changed to a user with elevated privileges, but not root.
It is rather interesting, but if this is prevented, then the file remains just a space waster...
This is one of the functions of a good security system.
However, if the user was root, this whole case changes. A good security system should prevent or disable root login excepting a specific set known hosts or only from specific users if internal (su).
James McKenzie
More information about the users
mailing list