Simulating a hacker attack

pedro esteban pedro.esteba at gmail.com
Fri Sep 30 06:39:18 UTC 2005


> >>Ok here is how I have simulated what you are trying to do.
> >>
> >>cp /bin/sh /var/www/httpdsh
> >>chcon -t httpd_exec_t /var/www/httpdsh
> >>
> >>Add the following lines to
> >>/etc/selinux/targeted/src/policy/domains/misc/local.te
> >>
> >>
> >>domain_auto_trans(unconfined_t,httpd_exec_t, httpd_t)
> >>allow httpd_t devpts_t:chr_file rw_file_perms;
> >>
> >>cd /etc/selinux/targeted/src/policy/
> >>make load
> >>setsebool httpd_tty_comm=1
> >>
> >>Then run
> >>/var/www/httpdsh
> >>as root.
> >>
> >> /var/www/httpdsh
> >>httpdsh: /root/.bashrc: Permission denied
> >># id
> >>uid=0(root) gid=0(root)
> >>groups=0(root),1(bin),2(daemon),3(sys),4(adm),6(disk),10(wheel)
> >>context=root:system_r:httpd_t:s0-s0:c0.c127
> >># cat /etc/shadow
> >>cat: /etc/shadow: Permission denied
> >># cat /var/log/messages
> >>cat: /var/log/messages: Permission denied
> >>
> >>
> >>
> >
> >Ok, thanks for the lines. It works fine when I'm in X mode (xterm), but
> >when I change to console mode (tty1) and execute /var/www/httpdsh it
> >does not work. It's as if I don't execute the program. I don't get to
> >the httpd bash. I don't receive any message in the console. I don't
> >receive any message in /var/log/messages. I don't receive any message in
> >/var/log/audit/audit.log. It's as if it had not done anything.
> >
> >What happens?
> >
> >
> You need to add getattr and ioctl to your tty.  I am adding it to Policy.
>
> You could add
>
> allow httpd_t tty_device_t:chr_file { getattr ioctl };
>
> to local.te

Ok, I have solved the problem.
I did not receive messages because I have dontaudit rules in
policy.conf. I solved this problem by compiling with "make enableaudit".
(I thought that I had done it before, sorry.)

Then I added these lines to the policy and now I can execute in the console.
allow httpd_t tty_device_t:chr_file { getattr ioctl }; # As Daniel J Walsh said
allow httpd_t tty_device_t:chr_file { read write };
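A worked example of the two diagnostic steps this thread turns on, added here and not part of the thread or of the Fedora policy: one helper condenses AVC denial records (the kind a shell running as httpd_t on tty1 leaves in audit.log) into the allow rules they imply, the other counts the dontaudit rules in a policy.conf that silence such denials until "make enableaudit" is used. The audit records and policy excerpt are constructed samples in the 2005-era formats; the helper names and field positions are assumptions.

```shell
#!/bin/sh
# Added example, not from the thread. Sample audit and policy lines are constructed.

# Constructed AVC records of the kind a shell running as httpd_t on tty1
# produces (2005-era audit.log format, one record per line).
SAMPLE_AUDIT='type=AVC msg=audit(1128062358.100:41): avc:  denied  { getattr } for  pid=2101 comm="httpdsh" path="/dev/tty1" dev=tmpfs ino=5 scontext=root:system_r:httpd_t:s0-s0:c0.c127 tcontext=system_u:object_r:tty_device_t:s0 tclass=chr_file
type=AVC msg=audit(1128062358.100:42): avc:  denied  { ioctl } for  pid=2101 comm="httpdsh" path="/dev/tty1" dev=tmpfs ino=5 scontext=root:system_r:httpd_t:s0-s0:c0.c127 tcontext=system_u:object_r:tty_device_t:s0 tclass=chr_file
type=AVC msg=audit(1128062358.101:43): avc:  denied  { read write } for  pid=2101 comm="httpdsh" path="/dev/tty1" dev=tmpfs ino=5 scontext=root:system_r:httpd_t:s0-s0:c0.c127 tcontext=system_u:object_r:tty_device_t:s0 tclass=chr_file
type=AVC msg=audit(1128062359.200:44): avc:  denied  { read } for  pid=2101 comm="cat" name="shadow" dev=hda2 ino=1100 scontext=root:system_r:httpd_t:s0-s0:c0.c127 tcontext=system_u:object_r:shadow_t:s0 tclass=file
type=SYSCALL msg=audit(1128062359.200:44): arch=40000003 syscall=5 success=no exit=-13'

# Constructed excerpt of a policy.conf with the dontaudit rules that keep
# the tty denials above out of audit.log until "make enableaudit" is used.
SAMPLE_POLICY='dontaudit httpd_t tty_device_t:chr_file { read write };
dontaudit httpd_t devpts_t:chr_file { read write };
allow httpd_t httpd_log_t:file { append getattr };'

# avc_to_allow: read audit records on stdin and print one allow rule per
# (source type, target type, class), with the denied permissions merged.
avc_to_allow() {
    awk '/avc: +denied/ {
        match($0, /\{[^}]*\}/)
        perms = substr($0, RSTART + 1, RLENGTH - 2)
        for (i = 1; i <= NF; i++) {
            if ($i ~ /^scontext=/) { split($i, a, ":"); s = a[3] }
            if ($i ~ /^tcontext=/) { split($i, a, ":"); t = a[3] }
            if ($i ~ /^tclass=/)   { c = substr($i, 8) }
        }
        key = s " " t ":" c
        n = split(perms, p, " ")
        for (j = 1; j <= n; j++)
            if (!((key, p[j]) in seen)) { seen[key, p[j]] = 1; rule[key] = rule[key] " " p[j] }
    }
    END { for (k in rule) print "allow " k " {" rule[k] " };" }' | sort
}

# dontaudit_count: number of dontaudit rules in policy text (stdin) whose
# source type is $1; a non-zero count means its denials are being silenced.
dontaudit_count() {
    grep -c "^dontaudit $1 " || true
}

printf '%s\n' "$SAMPLE_AUDIT" | avc_to_allow
printf '%s\n' "$SAMPLE_POLICY" | dontaudit_count httpd_t
```

Run against a real audit.log the merged rule for tty_device_t is exactly the pair of lines this thread ended up adding to local.te; the rule for shadow_t is the denial you want to keep, since it is the point of the simulation.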




More information about the fedora-selinux-list mailing list