Re: Lower Process Capabilities

On Wed, 2009-07-29 at 23:01 +1000, James Morris wrote:
> On Wed, 29 Jul 2009, Stephen Smalley wrote:
> > So I think the only piece of the proposal that is orthogonal to SELinux
> > is privilege bracketing within the program (dropping caps after use).  
> > But the changes to the file and directory permissions seem more
> > questionable.
> Once we have access control on policy itself, we may be able to provide an 
> API where an application can toggle a boolean on itself, e.g. to perform 
> one action with broader permissions, then switch to a tighter set of 
> permissions.  This might be implementable in a way which also prevents 
> applications from ever gaining more permissions (via typebounds).

We can actually already apply fine-grained access control on temporary
changes to booleans - just specify a distinct label for the boolean in
policy (via genfscon selinuxfs entries) and then control who can write
to that file type.

However, note that such changes affect all processes running in a given
domain, so it isn't precisely the same thing as process privilege.

Stephen Smalley
National Security Agency
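
As an added illustration of the per-boolean labeling described above (this is
not policy from the original message, nor from any shipped policy), here is the
shape the rules take in kernel policy language as consumed by checkpolicy. The
boolean name httpd_can_network_connect and the domain httpd_t are assumed for
the example; the security_t label and the selinuxfs mount point follow the
reference policy of that era. Two points a practitioner needs: genfscon
statements are base-policy statements, not loadable-module statements, in the
module language of this period; and flipping a boolean takes both file:write on
the boolean's selinuxfs node and security:setbool on the security initial SID
(sel_write_bool checks both), with the commit via commit_pending_bools checked
against setbool again.

```selinux
# Added example, not from the original message. Kernel policy language
# (checkpolicy syntax). Assumed names: boolean httpd_can_network_connect,
# domain httpd_t. genfscon belongs in the base policy, not a loadable module.

# A distinct type for this one boolean's node under selinuxfs. genfscon
# matches by longest path prefix, so every other selinuxfs entry (including
# the /booleans directory itself and /commit_pending_bools) keeps the
# default label given by the "/" entry, security_t in the reference policy.
type httpd_can_network_connect_bool_t;
genfscon selinuxfs /booleans/httpd_can_network_connect system_u:object_r:httpd_can_network_connect_bool_t:s0

# Toggling the boolean: the kernel checks file:write on the boolean's node
# and security:setbool on the security initial SID. Only httpd_t gets the
# node's type, so no other domain can write this particular boolean even if
# it holds setbool for its own booleans.
allow httpd_t security_t:dir search;
allow httpd_t httpd_can_network_connect_bool_t:file { getattr read write };
allow httpd_t security_t:security setbool;

# Committing the pending value means writing /commit_pending_bools, which
# carries the default selinuxfs label, so file:write on security_t is also
# needed. The other selinuxfs controls (enforce, disable, ...) are gated by
# their own security-class permissions, so this does not hand those over.
allow httpd_t security_t:file { getattr read write };

# Readers (e.g. a domain that runs getsebool) need only file:read on the
# new type; they never need setbool. Add "open" to the file permission sets
# above if the policy declares the open permission for files.
```

The caveat in the message still applies: the boolean is a property of the
policy, so once httpd_t flips it, every process in httpd_t sees the new value,
not just the one that wrote the node.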

