I wanted to open a discussion for F12 about running services on shell accounts.

Bruno Wolff III bruno at wolff.to
Fri May 1 21:34:37 UTC 2009


On Fri, May 01, 2009 at 10:31:12 -0400,
  Daniel J Walsh <dwalsh at redhat.com> wrote:
> I would like to run restorecond as a user service rather than as a system
> service.  I want to run it under the user's UID and with the user's
> context.
>
> Then I can have it watch for creation of files in the user's home
> directory and be the equivalent of running restorecon ~/ by the user.

This seems to increase the risk of hostile apps being able to get executables
relabelled to something they couldn't do directly. If the app has the ability
to write the directory it can replace a file labelled with a label it couldn't
assign directly with another file and then wait for restorecond to
change the label.

While the same thing would happen with a relabel or running restorecon
manually, currently there is a lot more opportunity to discover the problem
before the file is relabelled.
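The point Bruno raises is that an automatic relabel removes the window in which an administrator can look at what a relabel would do. The script below is an added example (not part of this thread, and not restorecond or libselinux code) of the kind of dry-run review that window allows: it takes a constructed, two-entry file_contexts-style spec list, a constructed set of home-directory files with their current labels, and reports every file whose label would change, flagging the ones that would move from a type outside the assumed executable set into it. The type names mirror Fedora's `user_home_t` and `home_bin_t`, but the policy, the spec patterns, the `EXEC_TYPES` set and the "last matching spec wins" ordering are assumptions of this toy model, not a reproduction of the real policy.

```python
import re
from dataclasses import dataclass

# Constructed file_contexts-style specs (regex, context). Real policy has many
# more entries; these two stand in for a home directory and its ~/bin.
# Assumption: later entries override earlier ones, so the last match wins.
FILE_CONTEXTS = [
    (r"/home/[^/]+(/.*)?", "unconfined_u:object_r:user_home_t:s0"),
    (r"/home/[^/]+/bin(/.*)?", "unconfined_u:object_r:home_bin_t:s0"),
]

# Assumed set of types that the user's domain may execute from. A relabel
# INTO one of these is the transition a reviewer wants to look at before
# any automatic restorecon runs.
EXEC_TYPES = {"home_bin_t"}


def expected_context(path, specs=FILE_CONTEXTS):
    """Return the context assigned by the last matching spec, or None."""
    result = None
    for pattern, ctx in specs:
        if re.fullmatch(pattern, path):
            result = ctx
    return result


def context_type(ctx):
    """Extract the type field from user:role:type:level."""
    return ctx.split(":")[2]


@dataclass
class RelabelEvent:
    path: str
    current: str
    expected: str
    privilege_gain: bool  # True when the new type is executable, the old was not


def audit(entries, specs=FILE_CONTEXTS, exec_types=EXEC_TYPES):
    """Dry run: list files whose label differs from the spec's expectation.

    entries: iterable of (path, current_context) pairs.
    """
    events = []
    for path, current in entries:
        expected = expected_context(path, specs)
        if expected is None or expected == current:
            continue
        gain = (context_type(expected) in exec_types
                and context_type(current) not in exec_types)
        events.append(RelabelEvent(path, current, expected, gain))
    return events


# Constructed sample: two files already carrying their expected labels and
# one file in ~/bin that still carries the label a writer could assign
# directly. An automatic relabel would silently move it to home_bin_t.
SAMPLE = [
    ("/home/alice/notes.txt", "unconfined_u:object_r:user_home_t:s0"),
    ("/home/alice/bin/backup.sh", "unconfined_u:object_r:home_bin_t:s0"),
    ("/home/alice/bin/helper", "unconfined_u:object_r:user_home_t:s0"),
]

if __name__ == "__main__":
    for ev in audit(SAMPLE):
        flag = "REVIEW" if ev.privilege_gain else "ok"
        print(f"{flag:6} {ev.path}: {ev.current} -> {ev.expected}")
```

Running it prints a single REVIEW line for `/home/alice/bin/helper`; the other two files already match their specs and are not reported. The check is deliberately narrow: it only compares the type field and only flags transitions into the executable set, which is the case the message is concerned with.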
