Simulating a hacker attack

Daniel J Walsh dwalsh at
Wed Sep 28 15:18:33 UTC 2005

pedro esteban wrote:

>>Ok here is how I have simulated what you are trying to do.
>>cp /bin/sh /var/www/httpdsh
>>chcon -t httpd_exec_t /var/www/httpdsh
>>Add the following lines to
>>domain_auto_trans(unconfined_t,httpd_exec_t, httpd_t)
>>allow httpd_t devpts_t:chr_file rw_file_perms;
>>cd /etc/selinux/targeted/src/policy/
>>make load
>>setsebool httpd_tty_comm=1
>>Then run
>>as root.
>> /var/www/httpdsh
>>httpdsh: /root/.bashrc: Permission denied
>># id
>>uid=0(root) gid=0(root)
>># cat /etc/shadow
>>cat: /etc/shadow: Permission denied
>># cat /var/log/messages
>>cat: /var/log/messages: Permission denied
>Ok, thx for the lines. It works fine when im in Xmode (xterm), but
>when i change to console mode (tty1) if i execute /var/www/httpdsh it
>doesnot work. Its like if i dont execute the program. I dont get to
>the httpd bash. I dont receive any message in the console. I dont
>receive any message in /var/log/message. I dont receive any message in
>/var/log/audit/audit.log. Its like if it had not done anything
>What happen?
You need to add getattr and ioctl to your tty.  I am adding it to Policy.

You could add

allow httpd_t tty_device_t:chr_file { getattr ioctl };

to local.te


More information about the fedora-selinux-list mailing list