Re: ld.so and LD_PRELOAD

To: debian-devel@lists.debian.org
Subject: Re: ld.so and LD_PRELOAD
From: Russell Coker <russell@coker.com.au>
Date: Sat, 7 Jun 2003 16:53:31 +1000
Message-id: <[🔎] 200306071653.31683.russell@coker.com.au>
Reply-to: Russell Coker <russell@coker.com.au>
In-reply-to: <[🔎] 20030607003447.04f5bc6d.david@eelf.ddts.net>
References: <[🔎] 200306070422.30167.russell@coker.com.au> <[🔎] 1054941822.3305.6.camel@bohr> <[🔎] 20030607003447.04f5bc6d.david@eelf.ddts.net>

On Sat, 7 Jun 2003 14:34, David B Harris wrote:
> > If it turns out that SELinux doesn't really provide the security bonus
> > you thought it did --- either due to a bug or wanton misconfiguration
> > --- you have a less secure box than a standard Linux one would of been
> > (because you wouldn't of offered the service)

If there is some particular program that you want to run but would not run 
without the added protection of SE Linux (such as Sendmail) then you only 
need to make sure that the SE Linux policy for that program is doing the 
right thing.  The protection for the rest of the system is merely an added 
bonus.

> I certainly agree with the sentiment (having witnessed it myself
> routinely). However, LSM/SELinux is complex enough that most of the
> people who would be affected by this will choose another solution
> (grsecurity being the most prelevant, I believe). Those who don't have

Other solutions are less capable.  For example the Gentoo policy in the gradm 
package (which is more comprehensive than the Debian policy) has policy for 
xauth which permits it to write to all files under /home.

The SE Linux policy for xauth permits it to create new files of a different 
type which it has full access to (and the X applications can read) but can't 
write to other files.

Also the grsec sample policy seems to have /bin/bash hard-coded into the 
configuration in many places.  With SE Linux files are given a type, so you 
assign every shell the type shell_exec_t and things will work as expected no 
matter which shell a user chooses.  The shell is only a trivial example, 
there are many other situations where having access based on file name will 
bite you.

The case for SE Linux will be stronger when Linux 2.6.0 is released.  The LSM 
framework will be in the standard kernel (and probably the SE Linux code 
too).

Is anyone offering root access to any machine running any security system 
other than SE Linux?

-- 
http://www.coker.com.au/selinux/   My NSA Security Enhanced Linux packages
http://www.coker.com.au/bonnie++/  Bonnie++ hard drive benchmark
http://www.coker.com.au/postal/    Postal SMTP/POP benchmark
http://www.coker.com.au/~russell/  My home page

Reply to:

References:
- ld.so and LD_PRELOAD
  - From: Russell Coker <russell@coker.com.au>
- Re: ld.so and LD_PRELOAD
  - From: Anthony DeRobertis <asd@suespammers.org>
- Re: ld.so and LD_PRELOAD
  - From: David B Harris <david@eelf.ddts.net>

Prev by Date: Re: Used Slot Machine Web Site
Next by Date: Re: Debian Weekly News - June 3rd, 2003
Previous by thread: Re: ld.so and LD_PRELOAD
Next by thread: Re: ld.so and LD_PRELOAD
Index(es):
- Date
- Thread