two questions
Stephen Smalley
sds at tycho.nsa.gov
Mon Jan 7 15:45:38 UTC 2008
On Mon, 2008-01-07 at 09:43 +1100, James Morris wrote:
> On Fri, 4 Jan 2008, Eric Paris wrote:
>
> > yes, the permission is dyntransition in the process class. it is
> > STRONGLY, let me say that again VERY STRONGLY, suggested that you don't
> > make use of this facility. Basically you lose all separation between
> > those 2 domains. You don't have any assurance that the process before
> > the transition didn't get hacked/corrupted/bugged and is now
> > transitioning to a new domain but able to do the wrong things (or
> > sometimes even worse not transition to the new domain at all)
> >
> > I'm not sure what the rationale was to put it in originally but please
> > just find a way to do it on an execve boundary.
>
> Dynamic transitions were added for privileged MLS applications, which
> sometimes need to implement privilege bracketing (i.e. changing security
> level for some operation). It should be thought of as a legacy MLS
> feature and not otherwise used.

It has also been suggested as a way of dealing with PHP scripts
(switching contexts when interpreting them), and as a way of handling
Samba (switching to a context derived from the client so that filesystem
accesses are confined based on the client, although to do that properly,
you need derived domains or a fscontext à la fsuid).

It is weaker than the exec-based transitions, but can have practical
benefits.
--
Stephen Smalley
National Security Agency
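
Added example, not part of the original message or of SELinux's own tooling: a small audit that lists which domain pairs a policy allows to change context via `dyntransition` rather than via an exec-based `transition`, so the weaker cases discussed above can be reviewed one by one. The rules are constructed sample lines in kernel policy `allow` syntax, and every type name in them is hypothetical.

```python
import re

# Constructed sample rules in kernel policy "allow" syntax.
# All type names are hypothetical and exist only for this example.
SAMPLE_POLICY = """
allow init_t httpd_t:process transition;
allow httpd_t httpd_php_t:process dyntransition;
allow smbd_t { smbd_client_a_t smbd_client_b_t }:process { dyntransition sigchld };
allow httpd_t httpd_log_t:file { append getattr };
allow mls_app_t mls_app_t:process { setcurrent fork };
"""

# allow <source> <target>:<class> <perms>;  each field is a name or a { set }.
RULE = re.compile(
    r"^\s*allow\s+(?P<src>\{[^}]*\}|\S+)\s+(?P<tgt>\{[^}]*\}|[^\s:]+)\s*:\s*"
    r"(?P<cls>\{[^}]*\}|\S+)\s+(?P<perms>\{[^}]*\}|[^\s;]+)\s*;",
    re.MULTILINE,
)


def _items(field):
    """Expand 'a' or '{ a b }' into a list of names."""
    return field.strip("{} ").split()


def process_transitions(policy_text):
    """Return (source, target) pairs per process-class transition permission."""
    found = {"dyntransition": [], "transition": []}
    for m in RULE.finditer(policy_text):
        if "process" not in _items(m["cls"]):
            continue  # only the process class carries these permissions
        perms = set(_items(m["perms"]))
        for perm in found:
            if perm in perms:
                found[perm] += [(s, t) for s in _items(m["src"])
                                for t in _items(m["tgt"])]
    return found


if __name__ == "__main__":
    result = process_transitions(SAMPLE_POLICY)
    for src, tgt in result["dyntransition"]:
        print(f"dyntransition (no execve boundary): {src} -> {tgt}")
    for src, tgt in result["transition"]:
        print(f"exec-based transition: {src} -> {tgt}")
```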