Simulating a hacker attack
pedro esteban
pedro.esteba at gmail.com
Wed Sep 28 14:46:18 UTC 2005
>Ok here is how I have simulated what you are trying to do.
>
> cp /bin/sh /var/www/httpdsh
> chcon -t httpd_exec_t /var/www/httpdsh
>
> Add the following lines to
> /etc/selinux/targeted/src/policy/domains/misc/local.te
>
>
> domain_auto_trans(unconfined_t,httpd_exec_t, httpd_t)
> allow httpd_t devpts_t:chr_file rw_file_perms;
>
> cd /etc/selinux/targeted/src/policy/
> make load
> setsebool httpd_tty_comm=1
>
> Then run
> /var/www/httpdsh
> as root.
>
> /var/www/httpdsh
> httpdsh: /root/.bashrc: Permission denied
> # id
> uid=0(root) gid=0(root)
> groups=0(root),1(bin),2(daemon),3(sys),4(adm),6(disk),10(wheel)
> context=root:system_r:httpd_t:s0-s0:c0.c127
> # cat /etc/shadow
> cat: /etc/shadow: Permission denied
> # cat /var/log/messages
> cat: /var/log/messages: Permission denied
>
Ok, thx for the lines. It works fine when im in Xmode (xterm), but
when i change to console mode (tty1) if i execute /var/www/httpdsh it
doesnot work. Its like if i dont execute the program. I dont get to
the httpd bash. I dont receive any message in the console. I dont
receive any message in /var/log/message. I dont receive any message in
/var/log/audit/audit.log. Its like if it had not done anything
What happen?
More information about the fedora-selinux-list
mailing list