SELinux - a call for end-of-life.

James Mckenzie jjmckenzie51 at earthlink.net
Thu Sep 2 14:15:55 UTC 2010 

Ed Greshko <Ed.Greshko at greshko.com> wrote:
>Sent: Sep 2, 2010 6:58 AM
>To: Community support for Fedora users <users at lists.fedoraproject.org>
>Subject: Re: SELinux - a call for end-of-life.
>
> On 09/02/2010 08:41 PM, Tim wrote:
>> Ed Greshko:
>>>>> Are you saying that you think it is a good idea to be allowed to chown
>>>>> of a file under your UID to another's UID as a normal user?
>> Tim:
>>>> You've never downloaded a file as one user, that another user wanted, or
>>>> another of your own logins needed, and then had to move it from one to
>>>> the other?
>> Ed Greshko:
>>> That wasn't my question....
>> Well it was the situation I was originally talking about.  Are you
>> saying that nobody should be allowed to do that?
>>
>I am saying that it would be fraught with danger.  You'd need to control
>who and under what circumstances a given user would be allowed to disown
>a file and transfer ownership to another.  I can see it being abused
>(intentionally or unintentionally...due to mis-configuration or whatnot)
>where an executable is "given" to a "target" and bad things could
>result.  I just see that too much thought would be needed to put this
>into practice. 
>
>In real life, I don't think it is as easy or straight forward as imagined.
>
And it should not be.

However, this portion of the thread is the first case where I could actually state that this could be a MAJOR security hazard.  Let's expand this:

1.  An account with a weak password gets compromised.
2.  This account has a file added (either FTP/SFTP upload or a malicious script is written).
3.  The ownership of this file is changed to a user with elevated privileges, but not root.

It is rather interesting, but if this is prevented, then the file remains just a space waster...

This is one of the functions of a good security system.  

However, if the user was root, this whole case changes.  A good security system should prevent or disable root login excepting a specific set known hosts or only from specific users if internal (su).

James McKenzie

More information about the users mailing list