Re: [PATCH 2/2] Default hooks protecting the XATTR_SECURITY_PREFIX namespace

[Theodore Ts'o]

On Fri, Jan 16, 2004 at 01:20:04PM -0800, Chris Wright wrote:
> Add default hooks for both the dummy and capability code to protect the
> XATTR_SECURITY_PREFIX namespace.  These EAs were fully accessible to
> unauthorized users, so a user that rebooted from an SELinux kernel to a
> default kernel would leave those critical EAs unprotected.
> 
>  include/linux/security.h |    6 ++++--
>  security/capability.c    |    3 +++
>  security/commoncap.c     |   22 ++++++++++++++++++++++
>  security/dummy.c         |    9 +++++++++
>  4 files changed, 38 insertions(+), 2 deletions(-)

Everyone realizes the protection is minimal, right?  If you boot into
a default kernel, and administrator is careless with the system
configs because SELinux means that "it doesn't matter" if the intruder
cracks root, then all someone has to do is crack root when the system
is mistakenly booted using a default kernel.  At that point, running
debugfs or some other tool with direct access to the hard drive is the
least of your problems; the intruder can just simply trojan some
executable (or the kernel for that matter) that will be trusted once
SELinux is booted again, and it's all over....

						- Ted
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/