Mivz wrote:

Chris PeBenito wrote:

plain text document attachment (heimdal-LDAP.te)
#/tmp/krb5cc
allow user_t local_login_tmp_t:file { read lock append };

I added this rule because pam_krb5 inits the krbcc and thus causes the /tmp/krbcc to be in the wrong security context. Also kinit and kdestroy lose access to /tmp/krbcc because of this. Is this a pam_krb5 bug, because it creates the /tmp/krbcc file in the wrong context, or a selinux-kerberos bug, because it does not handle the /tmp/krbcc file correctly?

I had another thought about this. The krb5cc files are one of the most important files for a Kerberos client. It holds your identity. Losing this file is like losing a part of your shadow file. So I think this file should be highly protected. The current selinux-kerberos policy does not do this. I think every user should have a separate SELinux context for his krb5cc file, and each program needing access to this should be specified in the SELinux policy. This would prevent miscellaneous software from reaching this file and abusing your identity. It would be something like user:object_r:krb5_cc_t. All programs accessing it should have a file_type_auto_trans. I would like to work on this, but I don't know if it has any use, because of the upcoming new policy. Is this policy just different in being modular and having to add dependencies like in the current policy-server-policy, or are the basic macros and policy also going to change so much that each policy has to be rewritten from scratch?
I would also like some comments on my idea for the krb5cc file.

--
[email protected] mailing list
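
Added example, not part of the original message or of any SELinux policy: a small audit that flags credential cache files whose SELinux type is not the dedicated one proposed above, such as a cache left labelled local_login_tmp_t. The type name krb5_cc_t is the poster's proposal; the /tmp/krb5cc* glob, the mode check and the sample entries are assumptions made for the illustration.

```python
import glob
import os

EXPECTED_TYPE = "krb5_cc_t"   # type proposed in the message (hypothetical)
CCACHE_GLOB = "/tmp/krb5cc*"  # assumed location, after the /tmp/krb5cc comment


def context_type(context):
    """Return the type field of an SELinux context 'user:role:type[:level]'."""
    fields = context.rstrip("\x00").split(":")
    if len(fields) < 3 or not fields[2]:
        raise ValueError("not an SELinux context: %r" % context)
    return fields[2]


def audit(entries, expected_type=EXPECTED_TYPE):
    """Check (path, context, mode) tuples; return a list of (path, problem)."""
    findings = []
    for path, context, mode in entries:
        try:
            found = context_type(context)
        except ValueError:
            findings.append((path, "unparseable context"))
            continue
        if found != expected_type:
            findings.append((path, "type %s, expected %s" % (found, expected_type)))
        if mode & 0o077:
            findings.append((path, "mode %04o grants group/other access" % mode))
    return findings


def collect(pattern=CCACHE_GLOB):
    """Read the label and mode of each cache file on a live SELinux host."""
    for path in glob.glob(pattern):
        mode = os.lstat(path).st_mode & 0o7777
        try:
            raw = os.getxattr(path, "security.selinux", follow_symlinks=False)
        except OSError:
            raw = b""  # no label readable; audit() reports it as unparseable
        yield path, raw.decode("ascii", "replace"), mode


# Constructed sample entries, not taken from a real system.
SAMPLE = [
    ("/tmp/krb5cc_1000", "user_u:object_r:krb5_cc_t", 0o600),
    ("/tmp/krb5cc_1001", "system_u:object_r:local_login_tmp_t", 0o600),
    ("/tmp/krb5cc_1002", "user_u:object_r:krb5_cc_t:s0", 0o644),
]

if __name__ == "__main__":
    for path, problem in audit(SAMPLE) + audit(collect()):
        print(path + ": " + problem)
```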