SELinux Testing Software/Scripts

Erich Schubert erich at debian.org
Sun Oct 17 01:01:54 UTC 2004


Hi,

>  as i understand it, there is no "escalation" present in SE/Linux,
>  only that assigned in the minds of us humans.
[...]
>  that's a bit different from "escalating privilege" because that implies
>  hierarchy, which SE/Linux doesn't have, per-se.

As long as you have roles with certain higher privileges (for example
writing to configuration files, binding to arbitrary ports, loading a
new policy...) there is privilege escalation.

Privilege escalation just means getting more rights than you were
supposed to get. You usually don't care about losing access rights,
because you could have done things there earlier. It's only about getting
a privilege you want to have.

Even in normal Linux, becoming root might give you less access rights in
some specific cases. For example with NFS mounts that do root_squash.
(Of course there may be ways of circumventing this; these may exist in
SELinux, too.)

Another important aspect in the use of the term "privilege escalation"
is doing multiple steps to get the privileges you really want. A typical
theoretical example is using a game as nobody to get group access to
games, then using this to exploit some game and finally get access to a
user account (which could then be used to get further access rights)
- referring to the problem that, by itself, you wouldn't mind about the
"games" group rights; still, this may open new points of entry for an
attacker.

Greetings,
Erich Schubert
-- 
     erich@(vitavonni.de|debian.org)    --    GPG Key ID: 4B3A135C     (o_
 A man doesn't know what he knows until he knows what he doesn't know. //\
     Whoever no longer spends time with real friends will soon lose     V_/_
             their balance. --- Michael Levine
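The multi-step chain described in the post (nobody -> games -> user account -> further rights) can be made concrete by treating a type-enforcement policy as a graph and searching it. The following Python script is an added example, not part of the original mail and not any real SELinux policy or tool: the allow rules, the entrypoint table and all domain and type names (nobody_t, games_t, user_exec_t and so on) are constructed for the example. It models two ways of getting from one domain into another, a legitimate transition and writing to a file type that is some domain's entrypoint, then reports which sensitive permissions a starting domain can only reach by chaining domains. The point it shows is the one made above: none of the individual grants in the toy policy looks alarming on its own, yet the chain ends at the "higher privileges" of writing configuration files, binding ports and loading policy.

```python
"""Multi-step privilege escalation as reachability over type-enforcement rules.

Added example; the policy below is a constructed toy in a simplified
SELinux-like notation, not a real policy. All names are invented.
"""
from collections import deque

# Constructed toy policy: (source domain, target type, object class, permissions).
ALLOW = [
    # nobody_t may run the game launcher and enter the games_t domain
    ("nobody_t",  "games_exec_t",  "file",       {"execute"}),
    ("nobody_t",  "games_t",       "process",    {"transition"}),
    # games_t keeps its own data and (the flaw) may write the user entrypoint
    ("games_t",   "games_data_t",  "file",       {"read", "write"}),
    ("games_t",   "user_exec_t",   "file",       {"write"}),
    # user_t: ordinary user; the unauthenticated transition to sysadm_t is
    # the second flaw in this toy policy
    ("user_t",    "user_exec_t",   "file",       {"execute"}),
    ("user_t",    "user_home_t",   "file",       {"read", "write"}),
    ("user_t",    "sysadm_exec_t", "file",       {"execute"}),
    ("user_t",    "sysadm_t",      "process",    {"transition"}),
    # sysadm_t holds the rights the post calls "higher privileges"
    ("sysadm_t",  "etc_t",         "file",       {"write"}),
    ("sysadm_t",  "port_t",        "tcp_socket", {"name_bind"}),
    ("sysadm_t",  "security_t",    "security",   {"load_policy"}),
]

# Which executable file type is the entrypoint of which domain (stands in for
# `allow <domain> <type>:file entrypoint` in real policy).
ENTRYPOINT = {
    "games_exec_t":  "games_t",
    "user_exec_t":   "user_t",
    "sysadm_exec_t": "sysadm_t",
}

# Permissions an attacker would actually want; everything else is noise.
SENSITIVE = {
    ("etc_t", "file", "write"),
    ("port_t", "tcp_socket", "name_bind"),
    ("security_t", "security", "load_policy"),
    ("user_home_t", "file", "write"),
}


def direct_perms(domain):
    """Permissions a domain holds without changing domain at all."""
    return {(t, c, p) for s, t, c, perms in ALLOW if s == domain for p in perms}


def has(domain, target, cls, perm):
    return (target, cls, perm) in direct_perms(domain)


def domain_edges():
    """Build the graph: domain -> [(next_domain, how)].

    Two ways to end up in another domain:
      * a legitimate transition: execute an entrypoint file while holding
        process:transition to its domain;
      * planting code: write access to a file type that is some domain's
        entrypoint means whoever executes it next runs attacker code in
        that domain (the "exploit some game" step of the post).
    """
    domains = {s for s, *_ in ALLOW} | set(ENTRYPOINT.values())
    edges = {d: [] for d in domains}
    for d in domains:
        for exec_type, target in ENTRYPOINT.items():
            if has(d, exec_type, "file", "execute") and has(d, target, "process", "transition"):
                edges[d].append((target, f"transition via {exec_type}"))
            if has(d, exec_type, "file", "write") and target != d:
                edges[d].append((target, f"write entrypoint {exec_type}"))
    return edges


def reachable(start):
    """BFS over domains; returns {domain: [start, ..., domain]} shortest chains."""
    edges = domain_edges()
    paths = {start: [start]}
    queue = deque([start])
    while queue:
        d = queue.popleft()
        for nxt, _ in edges.get(d, []):
            if nxt not in paths:
                paths[nxt] = paths[d] + [nxt]
                queue.append(nxt)
    return paths


def escalations(start, sensitive=SENSITIVE):
    """Sensitive permissions obtainable from `start` only by chaining domains.

    Returns {(type, class, perm): chain_of_domains}. A permission the start
    domain already holds directly is not an escalation and is omitted.
    """
    found = {}
    direct = direct_perms(start)
    for domain, chain in reachable(start).items():
        for perm in (direct_perms(domain) & sensitive) - direct:
            if perm not in found or len(chain) < len(found[perm]):
                found[perm] = chain
    return found


if __name__ == "__main__":
    for perm, chain in sorted(escalations("nobody_t").items()):
        print(f"{perm[0]}:{perm[1]} {perm[2]:<12} via {' -> '.join(chain)}")
```

Running it from nobody_t lists four escalations, each with its chain; running it from sysadm_t lists none, since everything sysadm_t can reach it already holds directly, which matches the remark above that losing rights is not what the term is about. The "write entrypoint" edge is the interesting one: a single stray write permission on an executable type is what turns an unprivileged games domain into a stepping stone.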

More information about the fedora-selinux-list mailing list