Re: sshd transition points
On Wed, Feb 16, 2005 at 12:53:38PM -0500, Stephen Smalley wrote:
> On Wed, 2005-02-16 at 10:26, Luke Kenneth Casson Leighton wrote:
> > i aim to add a setcon() into sshd's "input_userauth_request()"
> > function just after the point where the username is obtained,
> > such that any unauthorised IP addresses for that username will
> > immediately stop any further TCP traffic.
>
> And this occurs in the unprivileged child process, not the monitor?
looks like it, yes.
> So
> the unprivileged child will time out waiting for further input, die, and
> the monitor will clean up?
yes, it most likely will have to.
> > i will add a type_transition to the policy
> >
> > type_transition sshd_priv_t user_t:process sshd_priv_user_t;
> >
> > i will temporarily use get_default_context() - if it works - to
> > obtain the user_t context, as the 2nd argument to
> > security_compute_create().
> >
> > i will use security_compute_create() to look up the actual context
> > in my type_transition policy rule (sshd_priv_user_t).
>
> And where does sshd_priv_t come from?
> Unless you make some other
> change, you are still running in sshd_t at this point, right?
yes.
i dreamed up sshd_priv_t for no particular reason other than it
would conceivably be better to run setcon("sshd_priv_t") first
on the unprivileged child process, followed by the
security_compute_create(), such that creating
type_transition sshd_priv_t user_t:process sshd_priv_user_t;
doesn't interfere with anything to do with sshd_t.
plus, of course, it would be possible to lock down a set
of insanely restrictive rules for sshd_priv_t (involving
networking and pretty much nothing else), with the implicit
possibility that sshd_t could have some networking permissions
removed.
l.
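As an added example (an editor's sketch, not code from this thread, from OpenSSH or from the reference policy), here is the policy side of the scheme discussed above: the two setcon() steps in the unprivileged child and the type_transition that security_compute_create() is expected to resolve. sshd_t and user_t are existing domains named on the page; sshd_priv_t and sshd_priv_user_t are the types proposed in the mail. The allow rules, and in particular the "networking and nothing else" set at the end, are assumptions about what the child would actually need and would have to be checked against AVC denials on a test box.

```te
# Added example, not from the thread. sshd_t and user_t are existing
# domains; sshd_priv_t and sshd_priv_user_t are the proposed ones.
type sshd_priv_t, domain;
type sshd_priv_user_t, domain;

# setcon() is a dynamic (no exec) transition: the caller needs setcurrent
# on itself and dyntransition from the current domain to the new one.
# First hop: the unprivileged child moves from sshd_t to sshd_priv_t.
allow sshd_t self:process setcurrent;
allow sshd_t sshd_priv_t:process dyntransition;

# Second hop, after the username is known: sshd_priv_t to the domain
# that security_compute_create() returned.
allow sshd_priv_t self:process setcurrent;
allow sshd_priv_t sshd_priv_user_t:process dyntransition;

# The rule quoted in the thread. The kernel only applies process
# type_transition rules on execve, so for setcon() the lookup happens in
# userspace: security_compute_create(<sshd_priv_t context>,
# <user_t context from get_default_context()>, process class, &newcon)
# evaluates this rule and yields the sshd_priv_user_t context, which is
# then handed to setcon().
type_transition sshd_priv_t user_t:process sshd_priv_user_t;

# Assumed minimal set for "networking and pretty much nothing else":
# keep using the already-accepted TCP socket and the monitor pipe, both
# created by the monitor and therefore labelled sshd_t. No file access,
# no exec, no new connections.
allow sshd_priv_t sshd_t:fd use;
allow sshd_priv_t sshd_t:tcp_socket { read write getattr shutdown };
allow sshd_priv_t sshd_t:unix_stream_socket { read write };
allow sshd_priv_t self:process { signal sigchld };
```

Because the first hop is a dynamic transition out of sshd_t rather than an exec, nothing in this fragment touches sshd_t's own rules except the two lines granting it setcurrent and dyntransition; that is what keeps the new rules from interfering with the existing sshd_t policy, as the mail intends. Whether sshd_t can then lose some of its own networking permissions depends on what the monitor still does on the socket after the child has transitioned, which this fragment does not decide.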
--
This message was distributed to subscribers of the selinux mailing list.
This mailing list archive is a service of Copilot Consulting.