SELinux Testing Software/Scripts

Daniel J Walsh dwalsh at redhat.com
Sat Oct 16 14:41:06 UTC 2004


Alex Ackerman wrote:

> This may sound like an odd request, but I am currently working on my 
> master’s thesis on the topic of SELinux integration into the 
> workplace. Part of the analysis involves testing the security 
> containment capabilities of SELinux; i.e., making sure that SELinux 
> functions as advertised when dealing with events of escalating 
> privilege. Does anyone on this list have any recommendations on 
> scripts or programs which can test these capabilities? My test 
> platforms are Fedora Core 3 (once released) and Red Hat Enterprise 
> Linux v4.0 Beta 1. My current thinking would be to downgrade certain 
> packages (httpd, etc) to a known vulnerable state and test, but would 
> like to know how the members on the list test their systems. Any help 
> would be appreciated. I can be reached at ackermal at jmu dot edu or 
> alex at darkhonor dot com if you would like to discuss this off-list. 
> Thank you for any assistance.
>
> Alex Ackerman
>
> James Madison University
>
I don't have any test scripts but I think rolling back the packages to 
one with a known vulnerability would work, but since one goal of a hacker 
is to get a root shell, you could use runcon with a shell script to 
simulate what would happen if a hacker was successful.

runcon -t httpd_t /bin/sh

Of course I can only get this to work in permissive mode. Setting it to 
enforcing kills the shell since it can not access the tty.
Also get an error "execvp: Permission denied" in enforcing.

Dan
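
Added example, not part of the original message: in permissive mode the accesses the policy would have blocked are still logged as AVC denials, so summarizing them per source domain shows what a shell running as httpd_t was not allowed to do. The log lines, the types they name, and the function names sample_avc_log and summarize_denials are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample lines in the shape of AVC denial messages.
# They are illustrative only, not output captured from a real system.
sample_avc_log() {
cat <<'EOF'
audit(1097937600.101:0): avc:  denied  { read write } for  pid=2101 exe=/bin/sh path=/dev/pts/1 dev=devpts ino=3 scontext=root:system_r:httpd_t tcontext=root:object_r:devpts_t tclass=chr_file
audit(1097937600.105:0): avc:  denied  { execute } for  pid=2101 exe=/usr/bin/runcon name=sh dev=hda2 ino=4711 scontext=root:system_r:httpd_t tcontext=system_u:object_r:shell_exec_t tclass=file
audit(1097937601.200:0): avc:  denied  { read write } for  pid=2105 exe=/bin/sh path=/dev/pts/1 dev=devpts ino=3 scontext=root:system_r:httpd_t tcontext=root:object_r:devpts_t tclass=chr_file
audit(1097937602.300:0): avc:  denied  { getattr } for  pid=2200 exe=/usr/sbin/named path=/etc/shadow dev=hda2 ino=99 scontext=system_u:system_r:named_t tcontext=system_u:object_r:shadow_t tclass=file
EOF
}

# summarize_denials SOURCE_TYPE   (reads log lines on stdin)
# Prints one line per distinct denial made against SOURCE_TYPE:
#   <count> <tclass> <target_type> <perm,perm,...>
summarize_denials() {
    awk -v want="$1" '
    /avc:[ ]+denied/ {
        perms = ""; stype = ""; ttype = ""; tclass = ""
        # The denied permissions sit between "{" and "}".
        b = index($0, "{"); e = index($0, "}")
        if (b && e > b) {
            perms = substr($0, b + 1, e - b - 1)
            gsub(/^ +| +$/, "", perms)
            gsub(/ +/, ",", perms)
        }
        # A context is user:role:type[:level]; the third field is the type.
        for (i = 1; i <= NF; i++) {
            if ($i ~ /^scontext=/) { split(substr($i, 10), c, ":"); stype = c[3] }
            if ($i ~ /^tcontext=/) { split(substr($i, 10), c, ":"); ttype = c[3] }
            if ($i ~ /^tclass=/)   { tclass = substr($i, 8) }
        }
        if (stype == want) count[tclass " " ttype " " perms]++
    }
    END { for (k in count) print count[k], k }
    ' | sort -k1,1nr -k2
}

# Stand-alone run over the constructed sample.
sample_avc_log | summarize_denials httpd_t
```

On a real system, feed it the kernel or audit log in place of sample_avc_log.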



