On Thu, 27 May 2010 13:28:37 EDT, Damian Gerow said:
> Okay, that's probably where I'm pulling this from, then. I'll admit, I'm
> not really sure how it's 'voodoo security'; sure, it just solves/papers over
> one specific problem, but at least it does so consistently and in one
> location, instead of every application needing to be aware of the issue.

The reason why it's considered voodoo security in a MAC world is *because* it papers over one problem (a symlink can be used to redirect a file access), rather than look at the *real* problem: a program expecting to open a file in one security context was allowed to open something in another context (in this case, a symlink). So for instance, in the SELinux world, there's a rule that says "ntpd can only open files tagged with the 'ntpd_file' context", and another rule that says "mortals cannot create files in the ntpd_file context" - and at that point, there's no amount of symlink games or file-rename games you can play, because the kernel simply won't let ntpd access your bogus symlink or file. (And yes, the corner cases are a bitch - somebody needs to be able to edit ntp.conf. :)
_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.
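
The label-based check described in the reply above, as an added Python sketch that is not part of the original thread: a toy in-memory model, not SELinux itself. The domains (`ntpd`, `admin`, `user`), the `user_file` type and all paths are constructed for illustration; `ntpd_file` is the email's own hypothetical context.

```python
# Toy in-memory model of a label-based (type enforcement) open() check.
# Constructed example: not SELinux itself; names and paths are illustrative.
from dataclasses import dataclass
from typing import Optional

@dataclass
class Node:
    label: str                    # security context, assigned at creation
    target: Optional[str] = None  # set only for symlinks

# Allow rules as (subject domain, object type); anything unlisted is denied.
ALLOW = {("ntpd", "ntpd_file"), ("admin", "ntpd_file"), ("user", "user_file")}
# Label a new object gets; policy picks it from the creator's domain.
CREATE_LABEL = {"admin": "ntpd_file", "user": "user_file"}

class FS:
    def __init__(self):
        self.nodes = {}

    def create(self, domain, path, target=None):
        # The creator never chooses the label, so an ordinary user cannot
        # produce anything tagged ntpd_file.
        self.nodes[path] = Node(CREATE_LABEL[domain], target)

    def open_as(self, domain, path, max_hops=8):
        # Check every object touched, each symlink included, by label only.
        for _ in range(max_hops):
            node = self.nodes.get(path)
            if node is None:
                return "ENOENT"
            if (domain, node.label) not in ALLOW:
                return f"DENIED {domain} -> {node.label} at {path}"
            if node.target is None:
                return f"OK {path}"
            path = node.target
        return "ELOOP"

def demo():
    fs = FS()
    fs.create("admin", "/etc/ntp.conf")
    fs.create("user", "/home/u/notes")
    fs.create("user", "/var/lib/ntp/drift", target="/home/u/notes")  # user-made symlink
    fs.create("user", "/tmp/ntp.conf")                               # user-made look-alike
    fs.create("admin", "/etc/ntp.link", target="/home/u/notes")      # admin mistake
    paths = ("/etc/ntp.conf", "/var/lib/ntp/drift", "/tmp/ntp.conf", "/etc/ntp.link")
    return [fs.open_as("ntpd", p) for p in paths]

if __name__ == "__main__":
    print("\n".join(demo()))
```

The last case shows that the check applies to the object finally reached, so even a correctly labelled symlink that points outside the context is refused.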
