[redhat-lspp] Re: [PATCH 2/3] Re: MLS enforcing PTYs, sshd, and newrole
Linda Knippers
linda.knippers at hp.com
Thu Jan 4 21:57:32 UTC 2007
Daniel J Walsh wrote:
> We still have a problem on MLS machines, in that newrole can be used to
> pass data via pseudo terminals.
>
> script
> newrole -l SystemHigh
> cat TopSecret.doc
> ^d
> ^d
> cat typescript
>
> I propose we add this patch to newrole to check if we are on a pseudo
> terminal and then fail if user is using -l.
>
> Basically this patch checks the major number of the stdin, stdout,
> stderr for a number in the pseudo number range, If yes the pseudo
> terminal, if not continue. Not pretty but it solves the problem. I
> could not figure out another way to check if you are on a pseudo terminal.
> Comments?
>
>
> diff --exclude-from=exclude --exclude POTFILES.in --exclude='*.po'
> --exclude='*.pot' -N -u -r nsapolicycoreutils/newrole/newrole.c
> policycoreutils-1.33.7/newrole/newrole.c
> --- nsapolicycoreutils/newrole/newrole.c 2006-11-29
> 17:11:18.000000000 -0500
> +++ policycoreutils-1.33.7/newrole/newrole.c 2007-01-04
> 16:24:47.000000000 -0500
> @@ -67,6 +67,7 @@
> #include <selinux/get_context_list.h> /* for SELINUX_DEFAULTUSER */
> #include <signal.h>
> #include <unistd.h> /* for getuid(), exit(), getopt() */
> +#include <sys/stat.h>
> #ifdef USE_AUDIT
> #include <libaudit.h>
> #endif
> @@ -93,6 +94,19 @@
>
> extern char **environ;
>
> +static int check_isapty(int fd) {
> + struct stat buf;
> + if ((isatty(fd)) && (fstat(fd, &buf) == 0)) {
> + int dev=major(buf.st_rdev);
> + if (dev > 135 && dev < 144) {
Where do these numbers come from? Is UNIX98_PTY_SLAVE_MAJOR in
/usr/include/linux/major.h useful? That's what the value is on
my system. There's also PTY_SLAVE_MAJOR (value of 3) in that
file, but on my system that's the major for real ttys.
> + return 1;
> + } else {
> + return 0;
> + }
> + }
> + return 0;
> +}
> + /**
> * Construct from the current range and specified desired level a resulting
> * range. If the specified level is a range, return that. If it is not,
> then
> @@ -733,6 +747,7 @@
> security_context_t *new_context,
> int *preserve_environment)
> {
> + int i; /* index for open file descriptors */
> int flag_index; /* flag index in argv[] */
> int clflag; /* holds codes for command line flags */
> char *role_s = NULL; /* role spec'd by user in argv[] */
> @@ -793,6 +808,13 @@
> "specified\n"));
> return -1;
> }
> + for (i=0; i < 3; i++) {
> + if (check_isapty(i)) {
> + fprintf(stderr, "Error: you are
> not allowed to change levels on pseudo terminals\n");
> + return -1;
> + }
> + }
> +
> level_s = optarg;
> break;
> default:
>
>
> --
> This message was distributed to subscribers of the selinux mailing list.
> If you no longer wish to subscribe, send mail to majordomo at tycho.nsa.gov
> with
> the words "unsubscribe selinux" without quotes as the message.
More information about the redhat-lspp
mailing list