Steve Grubb skrev:
On Saturday 01 March 2008 06:46:50 wolf2k5 wrote:
You need to break the links to get restorecon working without complaint.
I see ...
Since this issue seems to affect all my RHEL5.1 new installations,
should it be filed as a bug?
No, this behavior is intentional. The problem is that a non-root attacker
could hardlink against a file (depending on how you partion your system and
setup directory permissions). Assuming that we allowed restorecond to relabel
without any sanity checks, restorecond will go ahead and set the extended
attributes with the correct label. At some point the file gets overwritten
which breaks the link. Now the attacker has a copy of the file with the xttr
set with the label of the original file. They could then modify the file and
use it for attacking whatever reads it.
Of course, you might be able to do some analysis with policy sources to figure
out if ultimately its safe to go ahead and allow the relabel. This is
difficult, error prone, and time consuming. Restorecond is in a race with
whatever reads the file to get its label corrected as fast as possible before
you get an avc denial. So, the simplest thing to do is just not allow
relabelling files that have a link number greater than one. Its rare that
anyone has this problem.
What you really want to do is figure out what is linking to the file. Can you
tell what that is? Does it really need to be hardlinking to the file?
-Steve
_______________________________________________
rhelv5-list mailing list
[email protected]
https://www.redhat.com/mailman/listinfo/rhelv5-list
/etc/sysconfig/networking/profiles/default/resolv.conf
_______________________________________________
rhelv5-list mailing list
[email protected]
https://www.redhat.com/mailman/listinfo/rhelv5-list
