[rsbac] Feature request: type_user_owner_def_fd_create after chown
Javier J. Martínez Cabezón
tazok.id0 at gmail.com
Sun Jan 18 18:50:39 CET 2009
For now I could remove the FS_MASK capability in max_caps of user root,
but it seems more of a hack than a proper solution... since all users
that have this capability on (as my updater_r) could do nasty
things....
2009/1/18 Javier J. Martínez Cabezón <tazok.id0 en gmail.com>:
> I think we do not have this functionality: when you log in with
> login or by ssh, the terminal (tty or pty) gets a change_owner to the
> user (permissions are changed to avoid other users sniffing on the
> terminal, but root is not restricted). The problem is that the fd's
> rc_type and the dev's rc_type did not change. With static devices the
> device is not created, only chowned. If we could change this
> rc_dev_type (better than rc_fd_type) to one owned only by the user, we
> could close one attack vector from root (for example with the TIOCSTI
> ioctl).
>
> Until now I could only make tty5 and tty6 get a different DEV
> type (security device) that only secoff has rights on, and
> tty4 assigned to the role updater_r with a new dev type and fd_type
> updater_device (the only one who could install binaries and update
> the system); however, this is not useful for ssh logins and not very
> flexible.
>
> What do you think? Is it a good idea? Could it be implemented?
>
> If devices are created on the fly (udev?) it could be useful to have
> the option to assign it to the user owner after chown (something like:
> def_fd_create_ind_type my_fd_devdir_type use_def_user_after_chown).
>