Re: Would SELinux prevent that with the current policy?

[James Morris <jmorris namei org>]

On Sun, 19 Jul 2009, Dominick Grift wrote:

> >From what i heard there were two bugs one in pulseaudio and one in kernel. 
> When operating in a unconfined domain one (obviously) could exploit the kernel 
> without using pulseaudio To me this makes perfect sense as in my view unconfined_t 
> is a domain for the SElinux exempt. SELinux is built-into the kernel and so in a SELinux environment
> the kernel will always be a vulnerable spot.

Yes, although SELinux should not reduce the security of the system vs. the 
default.  This is the core issue from the SELinux POV.

> In my environments this exploit did not work.

The exploit depends on having non-default permissions on /dev/net/tun, or 
running as root, which was not made clear in the video or code.  It seems 
that udev on at least F9 changes the permissions on the device, so beware.

It's still a bug for SELinux, though, because it is designed to protect 
against DAC weaknesses.

> What this issue does show, and i think jmorris touched on this, is that,
> and i have said this many times: writing policy is one thing, but
> maintaining policy is another. is that policy needs to be reviewed once
> in a while.

Well, I think the underlying problem is that it should not be possible for 
a policy writer to make the system less secure.  It needs to be more 
robust, so that policy errors at least default to the standard DAC level 
of protection.


- James
-- 
James Morris
<jmorris namei org>