SElinux policy for pine

James Z. Li james.zheng.li at gmail.com
Fri Jul 29 02:42:21 UTC 2005


Hi all,

First, sorry for my English.
I wrote a set of SELinux policy rules for pine (pine-4.63-1.i386.rpm) on FC4 (targeted). It works well if no email attachments are involved. As root, you are able to browse the whole filesystem: get a file from anywhere as the attachment or save the attachment to anywhere you like. Does this make the security policy totally broken?

At the same time, I was also evaluating LIDS (lids.org). As for pine under LIDS, it has the same problem: it requires WRITE (including READ) permission to "/" (inode number of "/"). For SELinux, since the policy is based on domain/type, it is even worse in the sense of policy writing: it requires one rw_dir_file rule for each of several hundred types on the whole filesystem, so several hundred rules will be added.

I was thinking whether there is a chroot mode for pine, but I could not find any useful info.

Another potential way to solve this problem is to create a directory under the user's (root's) home directory which is only used to store email attachments: you need to copy files from everywhere else to this directory before you can upload them as outgoing attachments, and all incoming attachments will be saved to this directory first; then you can copy or move them to somewhere else. By doing this, we can write a corresponding policy to label this directory and grant permissions.

Any suggestions?

James

Enclosed please find my pine.fc and pine.te files.

################################
#/etc/selinux/targeted/src/policy/file_contexts/program/pine.fc
# pine.fc
# Authors:  james.zheng.li at gmail.com
################################
/usr/bin/mailutil                 --      system_u:object_r:pine_exec_t
/usr/bin/pico                     --      system_u:object_r:pine_exec_t
/usr/bin/pilot                    --      system_u:object_r:pine_exec_t
/usr/bin/pine                     --      system_u:object_r:pine_exec_t
/usr/bin/rpdump                   --      system_u:object_r:pine_exec_t
/usr/bin/rpload                   --      system_u:object_r:pine_exec_t
/usr/sbin/mlock                   --      system_u:object_r:pine_exec_t

/etc/pine\.info                   --      system_u:object_r:pine_etc_t
/etc/pine\.conf                   --      system_u:object_r:pine_etc_t
/etc/pine\.conf\.fixed            --      system_u:object_r:pine_etc_t

HOME_DIR/mail(/.*)?                       system_u:object_r:pine_user_home_t
HOME_DIR/\.addressbook(\.lu)?     --      system_u:object_r:pine_user_home_t
HOME_DIR/\.pine-debug[1-4]        --      system_u:object_r:pine_user_home_t
HOME_DIR/\.pinerc                 --      system_u:object_r:pine_user_home_t
HOME_DIR/\.newsrc                 --      system_u:object_r:pine_user_home_t
HOME_DIR/\.signature              --      system_u:object_r:pine_user_home_t
HOME_DIR/\.mailcap                --      system_u:object_r:pine_user_home_t
HOME_DIR/\.mime\.types            --      system_u:object_r:pine_user_home_t
HOME_DIR/\.pine-interrupted-mail  --      system_u:object_r:pine_user_home_t
HOME_DIR/dead\.letter             --      system_u:object_r:pine_user_home_t

#################################
#/etc/selinux/targeted/src/policy/domains/program/pine.te
# pine.te
# Authors:  james.zheng.li at gmail.com
#################################
#
# Rules for the pine domain.
#
# pine_t is the domain for the pine program
# pine_exec_t is the type of the corresponding program.
#
# pine_user_home_t labels pine's own files in the user's home directory;
# pine_etc_t labels the system-wide pine configuration under /etc.
type pine_t, domain, privmail, nscd_client_domain;
type pine_exec_t, file_type, sysadmfile, exec_type;
type pine_user_home_t, file_type, sysadmfile, customizable;
type pine_etc_t, file_type, sysadmfile;

# Roles permitted to run in the pine domain (user_r is left disabled).
role sysadm_r types pine_t;
role system_r types pine_t;
#role user_r types pine_t;

# Enter pine_t automatically when sysadm_t executes a pine_exec_t binary.
domain_auto_trans(sysadm_t, pine_exec_t, pine_t)
#domain_auto_trans(initrc_t, pine_exec_t, pine_t)

# Files and directories pine creates directly under a home directory are
# labelled pine_user_home_t instead of inheriting the parent's type.
file_type_auto_trans(pine_t, user_home_dir_t, pine_user_home_t, dir_file_class_set)
general_domain_access(pine_t)
# Private temporary file type for this domain: pine_tmp_t.
tmp_domain(pine)
can_exec(pine_t, pine_exec_t)

read_sysctl(pine_t)
uses_shlib(pine_t)
# Terminal (pseudo-tty) access.
allow pine_t devpts_t:chr_file create_file_perms;
allow pine_t devpts_t:dir search;
# Generic /etc files (pine's own config is pine_etc_t).
allow pine_t etc_t:file { getattr read };
allow pine_t etc_t:lnk_file read;
read_locale(pine_t)
# Local mail spool (/var/spool/mail).
allow pine_t mail_spool_t:dir rw_dir_perms;
allow pine_t mail_spool_t:file create_file_perms;
allow pine_t proc_t:dir search;
allow pine_t proc_t:lnk_file read;
allow pine_t urandom_device_t:chr_file getattr;
allow pine_t usr_t:file read;
allow pine_t var_spool_t:dir search;
allow pine_t fs_t:filesystem getattr;
# Name resolution configuration (/etc/resolv.conf etc.).
allow pine_t net_conf_t:file r_file_perms;
allow pine_t sbin_t:dir search;
allow pine_t sbin_t:lnk_file read;
# The system mailer (system_mail_t) must read the message pine hands it
# and write back to pine's temporary and home files.
allow system_mail_t pine_tmp_t:file { read write };
allow system_mail_t pine_user_home_t:file { read write };
allow pine_t home_root_t:dir { getattr search };
allow pine_t self:capability { fsetid fowner };

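The dedicated attachment directory proposed in the message above, expressed in the same pre-reference-policy macro syntax as the attached files. This is an added example, not part of James's post: the type name pine_attach_t, the directory name HOME_DIR/attachments, and the assumption that the FC4 example policy's create_dir_perms and r_file_perms macros are available are all assumptions.

```selinux
#
# pine.fc additions (added example, assumed names)
#
# Only this one directory is labelled for attachment traffic; the rest of
# the filesystem keeps its own hundreds of types, which pine_t is never
# granted write access to.
HOME_DIR/attachments(/.*)?                system_u:object_r:pine_attach_t

#
# pine.te additions (added example, assumed names)
#
type pine_attach_t, file_type, sysadmfile, customizable;

# pine may create, read and write files only inside the attachment
# directory. New files inherit pine_attach_t from the parent directory,
# so no extra type transition is needed.
allow pine_t pine_attach_t:dir create_dir_perms;
allow pine_t pine_attach_t:file create_file_perms;

# The system mailer only needs to read outgoing attachments staged there.
allow system_mail_t pine_attach_t:file r_file_perms;

# Deliberately absent: any rw rule on user_home_t, usr_t, etc_t or the
# other file types. An attempt to save an attachment outside
# HOME_DIR/attachments is denied and shows up as an AVC message in the
# audit log instead of succeeding silently.
```

After loading the policy, create the directory and run restorecon on it so it picks up the pine_attach_t label; the denial path can then be confirmed by watching the audit log while saving an attachment elsewhere.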



More information about the fedora-selinux-list mailing list