[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]

Re: /sbin/restorecon and hard links

From: Stephen Smalley <sds tycho nsa gov>
To: Erik Sjölund <erik sjolund gmail com>
Cc: fedora-selinux-list redhat com
Subject: Re: /sbin/restorecon and hard links
Date: Wed, 15 Feb 2006 10:19:08 -0500

On Wed, 2006-02-15 at 09:01 -0500, Stephen Smalley wrote:
> Yes, running restorecon on /home by root considered harmful,
> particularly under targeted policy.  Under strict policy, a user can't
> create hard links to system files (controlled by the 'link' permission),
> which helps avoid the problem, and restorecon and setfiles aren't
> allowed to follow untrustworthy symlinks by the policy.  setfiles also
> contains code to check for multiple hard links with conflicting matches,
> so if you run setfiles on /, it should complain about the discrepancy,
> but restorecon doesn't do that and even if it did it naturally can't
> tell that when it is just run on /home.

BTW, it is important to remember here that targeted policy doesn't try
to confine users (just specific programs and daemons) and that
relabeling /etc/passwd or other system files doesn't give the user any
greater access since he is already unconfined as far as SELinux is
concerned.

-- 
Stephen Smalley
National Security Agency

Follow-Ups:
- Re: /sbin/restorecon and hard links
  - From: John Reiser

References:
- /sbin/restorecon and hard links
  - From: Erik Sjölund
- Re: /sbin/restorecon and hard links
  - From: Stephen Smalley

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]