Re: [PATCH v18 01/15] Add PR_{GET,SET}_NO_NEW_PRIVS to prevent execvefrom granting privs

[Andy Lutomirski]

On Thu, Apr 12, 2012 at 9:34 PM, James Morris <jmorris@xxxxxxxxx> wrote:
> On Thu, 12 Apr 2012, Andrew Lutomirski wrote:
>
>> > What about dynamic transitions in SELinux ?
>> >
>>
>> What's a dynamic transition?
>
> The security label can be changed without an exec:
>
> See selinux_setprocattr(), for "current".

Ah.

I see nothing wrong with that, for the same reason I see nothing wrong
with setuid (the system call) after PR_SET_NO_NEW_PRIVS.  The
privileges granted by writing to /proc/self/attr/current were already
available in the sense that you could have written to current whenever
you wanted to.

(FWIW, I think that selinux should have made that the only way to
change contexts, full stop.  And I think that the setuid and setgid
bits were mistakes.  Water under the bridge...)

--Andy
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/