Torsten Wörtwein
2017-07-05 18:49:26 UTC
Hi,
I encountered an unexpected behavior with symlinks:

    1 acl symlink target="/home/user/secret_file"
        audit 1
        1 deny

    $ ln -s /home/user/secret_file test
    ln: failed to create symbolic link 'test': Operation not permitted

fails, while

    $ cd /home/user
    $ ln -s secret_file test test

is successful. Shouldn't both requests be denied as both create a
symlink to the same file?

Independent of that, it is often difficult to debug what the parent
process is if the parent (and child) processes are no longer running.
This is mainly interesting when, e.g., /usr/bin/bash wants to perform
some action but you only want to allow /usr/bin/bash's action if it
is called by a trusted process. During rule creation, this trusted
parent process is not known (assume you want to protect a group of
objects). Therefore, I thought the following might be helpful to easily
determine the parent process:

    1 acl execute
        1 allow transition=task.exe

Unfortunately, this doesn't match anything (adding '2 deny' prevents
any execution).

Lastly, it might be good for visibility to include caitsith in your
comparison on http://tomoyo.osdn.jp/wiki-e/?WhatIs#comparison
Thanks,
Torsten
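
The two `ln` invocations from the report, replayed in a scratch directory as an added example (not part of the original message and not CaitSith code): it contrasts comparing the string stored in a link with comparing the path that string resolves to from the link's directory. The function names and scratch paths are constructed for illustration, and `realpath -m` assumes GNU coreutils.

```shell
#!/bin/sh
# Added example: literal vs. resolved comparison of a symlink's target.
# Function names and scratch paths are constructed for illustration.

# Print the canonical path that LINK's stored target refers to. A relative
# target is interpreted from the directory containing the link.
resolved_target() {
    link=$1
    stored=$(readlink -- "$link") || return 1
    case $stored in
        /*) candidate=$stored ;;
        *)  candidate=$(dirname -- "$link")/$stored ;;
    esac
    realpath -m -- "$candidate"    # -m is a GNU coreutils option
}

# True if the string stored in the link equals PROTECTED byte for byte.
literal_match() { [ "$(readlink -- "$1")" = "$2" ]; }

# True if the link's target resolves to the same file as PROTECTED.
resolved_match() { [ "$(resolved_target "$1")" = "$(realpath -m -- "$2")" ]; }

# Report both comparisons for each link given after PROTECTED.
check_links() {
    protected=$1; shift
    for l in "$@"; do
        lit=miss; res=miss
        if literal_match "$l" "$protected"; then lit=match; fi
        if resolved_match "$l" "$protected"; then res=match; fi
        printf '%s -> %s  literal=%s resolved=%s\n' \
            "$(basename -- "$l")" "$(readlink -- "$l")" "$lit" "$res"
    done
}

# Replay the two commands from the report inside a scratch directory.
demo() {
    root=$(mktemp -d) || return 1
    mkdir -p "$root/home/user"
    : > "$root/home/user/secret_file"
    secret=$root/home/user/secret_file
    ln -s "$secret" "$root/abs_link"                       # absolute target
    ( cd "$root/home/user" && ln -s secret_file rel_link ) # relative target
    check_links "$secret" "$root/abs_link" "$root/home/user/rel_link"
    rm -rf -- "$root"
}

demo
```

The absolute link matches under both comparisons, while the relative link matches only after resolution, since the link stores the string `secret_file` verbatim.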