On Jan 16, 2006, at 7:14 PM, Herbert Xu wrote:

On Mon, Jan 16, 2006 at 06:10:53PM -0500, cxzhang wrote:

This patch contains a fix for the previous patch that adds security
contexts to IPsec policies and security associations. In the previous
patch, no authorization (besides the check for write permissions to
SAD and SPD) is required to delete IPsec policies and security
associations with security contexts.  Thus a user authorized to change
SAD and SPD can bypass the IPsec policy authorization by simply
deleting policies with security contexts. To fix this security hole,
an additional authorization check is added for removing security
policies and security associations with security contexts.

Perhaps I'm missing something.  But I thought only root can modify
the SAD/SPD?

We want to limit the modification of security contexts only to the minimal set of programs (e.g., setkey and racoon). SELinux generally restricts root programs to least privilege rights, such that a root program that does not modify security policy under any normal circumstances is not given permissions to do so. As a result, such programs are constrained from modifying security policy if compromised.

Regards,
Trent.
----------------------------------------------
Trent Jaeger, Associate Professor
Pennsylvania State University, CSE Dept
346A IST Bldg, University Park, PA 16802
Email: [EMAIL PROTECTED]
Ph: (814) 865-1042, Fax: (814) 865-3176



