[redhat-lspp] Re: [PATCH 2/3] Re: MLS enforcing PTYs, sshd, and newrole
Joshua Brindle
jbrindle at tresys.com
Fri Jan 5 03:05:57 UTC 2007
Klaus Weidner wrote:
> On Thu, Jan 04, 2007 at 06:19:13PM -0500, Linda Knippers wrote:
>
>>> devices.txt in kernel documentation.
>>> 2176 <http://www.mjmwired.net/kernel/Documentation/devices.txt#2176> 136-143 char Unix98 PTY slaves
>>>
>> Since that document has multiple devices with the same major, I wonder if it's
>> safer to fstatfs() the fd and make sure the f_type is the devpts fs magic
>> number. It only seems to be defined in fs/devpts/inode.c though.
>>
>>
>>> #define DEVPTS_SUPER_MAGIC 0x1cd1
>>>
>> devpts is mounted on /dev/pts before single user mode so it seems to always
>> be there unless someone unmounts it. If you try to ssh in without /dev/pts
>> mounted the ssh hangs.
>>
>
> I think blacklists are usually a bad idea for security, for example this
> breaks if people have a kernel that supports the old-style ptys that
> don't use devpts. How about turning it around and only allowing use of
> known good ttys, similar to /etc/securetty, or insisting on type
> "tty_device_t" which includes the virtual console and serial terminals
> but not the ptys?
>
Hardcoding types into code makes it inflexible to policy changes; this
is a bad idea IMO. The tty whitelist, however, is probably the way to
go. I don't know if we should use the existing /etc/securetty or add
our own file, though.