[Date Prev][Date Next] [Thread Prev][Thread Next]
[Thread Index]
[Date Index]
[Author Index]
Re: two questions
- From: Christoph Höger <choeger cs tu-berlin de>
- To: Eric Paris <eparis redhat com>
- Cc: fedora-selinux-list redhat com
- Subject: Re: two questions
- Date: Sat, 05 Jan 2008 14:58:20 +0100
Am Freitag, den 04.01.2008, 18:34 -0500 schrieb Eric Paris:
> On Fri, 2008-01-04 at 14:26 -0800, Clarkson, Mike R (US SSA) wrote:
> > Is there someplace I can go to find a description of the libselinux API?
>
> not sure, i just read the code :) the fedora libselinux-devel
> package provides man pages for most (maybe all?) of the interfaces.
>
> >
> > Is there a way to change the context of an existing process, without
> > having to execute a new process?
>
> yes, the permission is dyntransition in the process class. it is
> STRONGLY, let me say that again VERY STRONGLY, suggested that you don't
> make use of this facility. Basically you lose all seperation between
> those 2 domains. You don't have any assurance that the process before
> the transition didn't get hacked/corrupted/bugged and is now
> transitioning to a new domain but able to do the wrong things (or
> sometimes even worse not transition to the new domain at all)
Hi, I don't think that it is that bad. Basically I think if you can
transition from dom_a to dom_b that still does not include transition
back to dom_a. So you can e.g. secure a new thread which handles a
client or something without using execve.
>
> I'm not sure what the rationale was to put it in originally but please
> just find a way to do it on an execve boundary.
>
> -Eric
>
> --
> fedora-selinux-list mailing list
> fedora-selinux-list redhat com
> https://www.redhat.com/mailman/listinfo/fedora-selinux-list
[Date Prev][Date Next] [Thread Prev][Thread Next]
[Thread Index]
[Date Index]
[Author Index]