List:       fedora-selinux-list
Subject:    Re: autorelabel and sym links
From:       Bruno Wolff III <bruno () wolff ! to>
Date:       2006-03-19 4:46:25
Message-ID: 20060319044625.GA12868 () wolff ! to

On Sun, Mar 19, 2006 at 01:07:18 +0100,
  Thomas Bleher <bleher@informatik.uni-muenchen.de> wrote:
> 
> That's true. restorecon doesn't need (and isn't allowed to by policy) to
> read where symlinks point to. This is very helpful in preventing symlink
> attacks.
> Hardlinks are more problematic. Setfiles (which runs when the whole
> filesystem is relabeled) keeps track of hardlinks and warns if a file
> would get two different security contexts because of its different file
> names. I don't know if restorecon has a similar check but it cannot
> reliably detect this problem if it's only run on part of a filesystem.
> This is the reason you should (on targeted policy) never run restorecon
> on untrusted userdata.

Thanks, that was very helpful. I didn't know that setfiles was what was
used to relabel filesystems. Its man page is pretty clear on what it does.

--
fedora-selinux-list mailing list
fedora-selinux-list@redhat.com
https://www.redhat.com/mailman/listinfo/fedora-selinux-list
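
The hard-link limitation described in the quoted text, as an added example that is not part of the original message or of setfiles/restorecon: a walk limited to a subtree can see a file's link count but not the names that live outside the subtree, so it cannot tell whether those names would map to a different security context. The helper names and the sample tree are constructed for illustration.

```python
import os
import stat
import tempfile
from collections import defaultdict


def audit_hardlinks(root):
    """Report multiply-linked regular files under root (hypothetical helper).

    'outside' counts links that exist elsewhere on the filesystem and that a
    walk limited to root cannot see, so no label conflict could be detected.
    """
    paths = defaultdict(list)            # (st_dev, st_ino) -> names under root
    nlink = {}
    for dirpath, _dirs, files in os.walk(root, followlinks=False):
        for name in files:
            path = os.path.join(dirpath, name)
            st = os.lstat(path)          # lstat: never read a symlink's target
            if stat.S_ISREG(st.st_mode) and st.st_nlink > 1:
                key = (st.st_dev, st.st_ino)
                paths[key].append(os.path.relpath(path, root))
                nlink[key] = st.st_nlink
    report = [{"names": sorted(p), "nlink": nlink[k],
               "outside": nlink[k] - len(p)} for k, p in paths.items()]
    return sorted(report, key=lambda r: r["names"])


def build_sample_tree():
    """Constructed sample: a user directory with links into and out of it."""
    root = tempfile.mkdtemp(prefix="hardlink-audit-")
    home = os.path.join(root, "home", "user")
    etc = os.path.join(root, "etc")
    os.makedirs(home)
    os.makedirs(etc)
    for path in (os.path.join(home, "notes"), os.path.join(etc, "conf")):
        with open(path, "w") as fh:
            fh.write("sample\n")
    os.link(os.path.join(home, "notes"), os.path.join(home, "notes.bak"))
    os.link(os.path.join(etc, "conf"), os.path.join(home, "conf.link"))
    os.symlink(os.path.join(etc, "conf"), os.path.join(home, "conf.sym"))
    return root


if __name__ == "__main__":
    tree = build_sample_tree()
    for scope in (os.path.join(tree, "home"), tree):
        print(scope)
        for entry in audit_hardlinks(scope):
            print("  ", entry)
```

Any entry with a non-zero `outside` value is a file to review before relabeling only that subtree; walking the whole filesystem brings every name into view.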