autorelabel and sym links
Bruno Wolff III
bruno at wolff.to
Sun Mar 19 04:46:25 UTC 2006
On Sun, Mar 19, 2006 at 01:07:18 +0100,
Thomas Bleher <bleher at informatik.uni-muenchen.de> wrote:
>
> That's true. restorecon doesn't need (and isn't allowed to by policy) to
> read where symlinks point to. This is very helpful in preventing symlink
> attacks.
> Hardlinks are more problematic. Setfiles (which runs when the whole
> filesystem is relabeled) keeps track of hardlinks and warns if a file
> would get two different security contexts because of its different file
> names. I don't know if restorecon has a similar check but it cannot
> reliably detect this problem if it's only run on part of a filesystem.
> This is the reason you should (on targeted policy) never run restorecon
> on untrusted userdata.
Thanks that was very helpful. I didn't know that setfiles was what was
used to relabel filesystems. Its man page is pretty clear on what it does.
More information about the fedora-selinux-list
mailing list