[prev in list] [next in list] [prev in thread] [next in thread]
List: selinux
Subject: /dev/tty
From: Russell Coker <russell () coker ! com ! au>
Date: 2003-09-19 6:16:01
[Download RAW message or body]
If I have a session with /dev/pts/1 as the controlling tty and I do the
following:
program < /dev/tty 2> /dev/tty > /dev/tty &
Then changing the context of /dev/pts/1 does not cause my program to lose
terminal access. This is not what I expected!
I am not sure whether this would be considered a limitation of SE Linux. If a
process has the ability to make a pseudo-tty it's controlling terminal before
you change the context of the pseudo-tty to do something important with it
then you probably have some more serious problem.
Obviously in the case of "newrole -r sysadm_r" if you have another user with
write access to the terminal before the newrole command then they could be
intercepting what you are doing and you've already lost.
However one thing that may trick people is that when they run
"newrole -r user_r" from a more priviledged role to execute some untrusted
program, they will think that it's really gone when the command finishes. It
seems that the only safe way of using su or newrole to run an untrusted
program is through using the "exec" command so that when the untrusted
session is complete there are no priviledged processes waiting to take over
the terminal.
I am not sure whether there are any other cases in which devtty_t access would
be considered harmful.
--
http://www.coker.com.au/selinux/ My NSA Security Enhanced Linux packages
http://www.coker.com.au/bonnie++/ Bonnie++ hard drive benchmark
http://www.coker.com.au/postal/ Postal SMTP/POP benchmark
http://www.coker.com.au/~russell/ My home page
--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic