Simulating a hacker attack

pedro esteban pedro.esteba at gmail.com
Tue Sep 27 13:31:27 UTC 2005


> Ok here is how I have simulated what you are trying to do.
>
> cp /bin/sh /var/www/httpdsh
> chcon -t httpd_exec_t /var/www/httpdsh
>
> Add the following lines to
> /etc/selinux/targeted/src/policy/domains/misc/local.te
>
>
> domain_auto_trans(unconfined_t,httpd_exec_t, httpd_t)
> allow httpd_t devpts_t:chr_file rw_file_perms;
>
> cd /etc/selinux/targeted/src/policy/
> make load
> setsebool httpd_tty_comm=1
>
> Then run
> /var/www/httpdsh
> as root.
>
>  /var/www/httpdsh
> httpdsh: /root/.bashrc: Permission denied
> # id
> uid=0(root) gid=0(root)
> groups=0(root),1(bin),2(daemon),3(sys),4(adm),6(disk),10(wheel)
> context=root:system_r:httpd_t:s0-s0:c0.c127
> # cat /etc/shadow
> cat: /etc/shadow: Permission denied
> # cat /var/log/messages
> cat: /var/log/messages: Permission denied

OK, finally I have got it to work! Thanks.
But I still have a problem: when I do a non-allowed operation I
cannot see the avc denied message in /var/log/messages. I have
tried to solve it by compiling with the option "make enableaudit" and
also by doing the operation in permissive mode, but it still doesn't work.
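
Added example, not part of the original message or of the thread: a small Python parser for AVC denial records of the kind the test above is expected to produce, summarized for the httpd_t domain. The log lines are constructed samples and the function names are this example's own.

```python
import re
from collections import Counter

# Constructed sample records (not taken from the thread). The first two use the
# kernel/syslog form, the third the form auditd writes; the last is unrelated.
SAMPLE_LOG = """\
Sep 27 13:20:01 host kernel: audit(1127827201.101:12): avc:  denied  { read } for  pid=2301 comm="cat" name="shadow" dev=dm-0 ino=98311 scontext=root:system_r:httpd_t:s0-s0:c0.c127 tcontext=system_u:object_r:shadow_t:s0 tclass=file
Sep 27 13:20:05 host kernel: audit(1127827205.442:13): avc:  denied  { read } for  pid=2302 comm="cat" name="messages" dev=dm-0 ino=65102 scontext=root:system_r:httpd_t:s0-s0:c0.c127 tcontext=system_u:object_r:var_log_t:s0 tclass=file
type=AVC msg=audit(1127827209.007:14): avc:  denied  { read } for  pid=2303 comm="cat" name="shadow" dev=dm-0 ino=98311 scontext=root:system_r:httpd_t:s0-s0:c0.c127 tcontext=system_u:object_r:shadow_t:s0 tclass=file
Sep 27 13:20:09 host sshd[811]: Accepted password for root from 192.0.2.10
"""

AVC_RE = re.compile(
    r"avc:\s+denied\s+\{(?P<perms>[^}]*)\}\s+for\s+(?P<fields>.*)$")

def parse_avc(line):
    """Return a dict for one AVC denial line, or None if it is not one."""
    m = AVC_RE.search(line)
    if not m:
        return None
    rec = {"perms": m.group("perms").split()}
    # key=value pairs; values are either "quoted" or a bare token.
    for key, value in re.findall(r'(\w+)=("[^"]*"|\S+)', m.group("fields")):
        rec[key] = value.strip('"')
    # An SELinux context is user:role:type[:level]; the type is the 3rd field.
    for ctx in ("scontext", "tcontext"):
        parts = rec.get(ctx, "").split(":")
        if len(parts) < 3:
            return None
        rec[ctx + "_type"] = parts[2]
    return rec

def summarize(text, source_type="httpd_t"):
    """Count denials per (target type, class, permission) for one domain."""
    counts = Counter()
    for line in text.splitlines():
        rec = parse_avc(line)
        if rec and rec["scontext_type"] == source_type:
            for perm in rec["perms"]:
                counts[(rec["tcontext_type"], rec.get("tclass", "?"), perm)] += 1
    return counts

if __name__ == "__main__":
    for (ttype, tclass, perm), n in sorted(summarize(SAMPLE_LOG).items()):
        print(f"{n}x httpd_t -> {ttype}:{tclass} {{ {perm} }}")
```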



