Re: Security issue? Daemon users has to much rights...
On Sun, 24 Oct 2004 19:24, Jan Lühr <jluehr@gmx.net> wrote:
> > Yes, and that is one of the core points in my suggestion that you look
> > at SELinux or a similar mandatory access control based security module.
>
> SELinux is overkill in some ways. A system administrator, not being able to
> handle ACLs won't be able to handle SELinux.

One of the problems with managing Unix access control is that there is no way
of analysing the chain of operations.

Program A can execute program B which is SETGID, which then gives it access to
execute program C which is SETUID (but not executable by the original GID),
etc. Analysing this would require an operation equivalent to find / to get
the data and a tool which no-one has bothered writing to analyse it.

The SE Linux policy has an analysis tool which can follow chains of execution.
If you are concerned about programs that can read /etc/shadow then you can
search the policy to get a list of the domains that are permitted access to
shadow_t. Then you can get a list of types that are entry-points for those
domains (EG the domain passwd_t has { read write } access to shadow_t and can
be entered through type passwd_exec_t) and check which files are labelled
with that type. The code in those programs can then be audited for correct
operation. Also the number of domains which can execute passwd_exec_t files
to enter the passwd_t domain is a small sub-set of the domains in the system.

The Unix permission system is very difficult to manage, and many security
problems have occurred because of mistakes, misunderstandings, and oversights
in manipulating it. Posix ACLs make things worse by having all the features
of Unix permissions plus more complexity. SE Linux is far easier to manage
correctly. Unix permissions are much easier to manage; this can be
considered a good thing (ease of use) or a bad thing (ease of borking a
system).

The problems which started this discussion are all already solved with the
default SE Linux policy.

--
http://www.coker.com.au/selinux/ My NSA Security Enhanced Linux packages
http://www.coker.com.au/bonnie++/ Bonnie++ hard drive benchmark
http://www.coker.com.au/postal/ Postal SMTP/POP benchmark
http://www.coker.com.au/~russell/ My home page
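
The SETGID-then-SETUID chain described in the message can be audited mechanically once the file metadata has been collected; the sketch below is an added example, not part of the original post or of any SE Linux tool. The file inventory, paths, IDs and function names are constructed for illustration, and the result is an upper bound: it assumes every setuid/setgid program lets its caller run further programs, and it ignores directory permissions, nosuid mounts and ACLs.

```python
import stat
from collections import deque

# Constructed sample inventory: (path, owner_uid, group_gid, mode).
# On a real system these rows would come from the "find /" step.
SAMPLE_FILES = [
    ("/usr/local/bin/b", 0, 50, 0o2755),  # setgid 50, world-executable
    ("/usr/local/bin/c", 0, 50, 0o4750),  # setuid root, exec only by gid 50
    ("/usr/local/bin/d", 0, 60, 0o4750),  # setuid root, exec only by gid 60
]

def can_exec(uid, gids, owner, group, mode):
    """Unix class selection: owner bits, else group bits, else other bits."""
    if uid == 0:  # root may execute if any execute bit is set
        return bool(mode & (stat.S_IXUSR | stat.S_IXGRP | stat.S_IXOTH))
    if uid == owner:
        return bool(mode & stat.S_IXUSR)
    if group in gids:
        return bool(mode & stat.S_IXGRP)
    return bool(mode & stat.S_IXOTH)

def reachable(uid, gids, files=SAMPLE_FILES):
    """Map each reachable (euid, gids) credential set to the chain of
    setuid/setgid files executed to obtain it (breadth-first, shortest chain)."""
    start = (uid, frozenset(gids))
    seen = {start: []}
    queue = deque([start])
    while queue:
        cur = queue.popleft()
        cur_uid, cur_gids = cur
        for path, owner, group, mode in files:
            if not mode & (stat.S_ISUID | stat.S_ISGID):
                continue  # executing it does not change credentials
            if not can_exec(cur_uid, cur_gids, owner, group, mode):
                continue
            new_uid = owner if mode & stat.S_ISUID else cur_uid
            # Over-approximation: the gained gid is added to the set held.
            new_gids = cur_gids | {group} if mode & stat.S_ISGID else cur_gids
            nxt = (new_uid, frozenset(new_gids))
            if nxt not in seen:
                seen[nxt] = seen[cur] + [path]
                queue.append(nxt)
    return seen

def chains_to_uid(uid, gids, target_uid=0, files=SAMPLE_FILES):
    """Chains of executions that take the starting credentials to target_uid."""
    return [chain for (u, _), chain in reachable(uid, gids, files).items()
            if u == target_uid and chain]
```

Each reported chain names the binaries whose code needs auditing, which is the same question the policy search for shadow_t entry-points answers on the SE Linux side.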