Steve Grubb wrote:
> On Saturday 01 March 2008 06:46:50 wolf2k5 wrote:
>
>>> You need to break the links to get restorecon working without complaint.
>>>
>> I see ...
>> Since this issue seems to affect all my RHEL5.1 new installations,
>> should it be filed as a bug?
>>
>
> No, this behavior is intentional. The problem is that a non-root attacker
> could hardlink against a file (depending on how you partition your system and
> set up directory permissions). Assuming that we allowed restorecond to relabel
> without any sanity checks, restorecond will go ahead and set the extended
> attributes with the correct label. At some point the file gets overwritten,
> which breaks the link. Now the attacker has a copy of the file with the xattr
> set with the label of the original file. They could then modify the file and
> use it for attacking whatever reads it.
>
> Of course, you might be able to do some analysis with policy sources to figure
> out if ultimately it's safe to go ahead and allow the relabel. This is
> difficult, error prone, and time consuming. Restorecond is in a race with
> whatever reads the file to get its label corrected as fast as possible before
> you get an avc denial. So, the simplest thing to do is just not allow
> relabelling files that have a link number greater than one. It's rare that
> anyone has this problem.
>
> What you really want to do is figure out what is linking to the file. Can you
> tell what that is? Does it really need to be hardlinking to the file?
>
> -Steve
>
> _______________________________________________
> rhelv5-list mailing list
> rhelv5-list@(protected)
> https://www.redhat.com/mailman/listinfo/rhelv5-list
>
/etc/sysconfig/networking/profiles/default/resolv.conf
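Added example, not code from this thread or from restorecond: a shell walkthrough of the check Steve describes (refuse to relabel when the link count is greater than one), of how to answer his question about what is linking to the file (find -samefile), and of the overwrite-by-rename that leaves the other link holding the old inode. SELinux is not needed to run it: the label is an extended attribute stored on the inode, so inode identity stands in for it. The function names (link_count, inode_of, safe_to_relabel, other_links, setup_scenario, replace_by_rename) and the resolv.conf contents are this example's own constructions; the "attacker" link is created by the same user, as a stand-in for a link made by an unprivileged account in a world-writable directory on the same filesystem.

```shell
#!/bin/sh
# Added example, not restorecond's code: the "refuse if nlink > 1" check
# from the thread, the lookup for the other name(s) sharing the inode, and
# the overwrite that leaves the attacker holding the old inode.
# SELinux is not required: the label is an xattr on the inode, so inode
# identity stands in for it here. Function names are this example's own.

# Hard-link count of a path (field 2 of ls -l; works on GNU and BSD ls).
link_count() {
    ls -ld "$1" | awk '{print $2}'
}

# Inode number of a path.
inode_of() {
    ls -di "$1" | awk '{print $1}'
}

# The policy the thread describes: relabel only when nothing else can
# share the inode, i.e. the link count is exactly one.
safe_to_relabel() {
    n=$(link_count "$1") || return 1
    [ "$n" -eq 1 ]
}

# Every other path under $2 (same filesystem) that shares the inode of $1.
# This answers "what is linking to the file" without guessing.
other_links() {
    find "$2" -xdev -samefile "$1" ! -path "$1" 2>/dev/null
}

# Constructed scenario: a config file plus a second hard link to it made
# from another directory (the attacker's), in a scratch directory.
# Prints the scratch directory.
setup_scenario() {
    d=$(mktemp -d)
    printf 'nameserver 127.0.0.1\n' > "$d/resolv.conf"
    mkdir "$d/attacker"
    ln "$d/resolv.conf" "$d/attacker/resolv.conf"
    printf '%s\n' "$d"
}

# Overwrite $1 the way most updaters do: write a new file and rename it
# over the old name. The old inode, with whatever label it carried,
# survives through the attacker's link.
replace_by_rename() {
    printf 'nameserver 10.0.0.53\n' > "$1.tmp"
    mv "$1.tmp" "$1"
}

demo() {
    d=$(setup_scenario)
    f="$d/resolv.conf"
    echo "links=$(link_count "$f") inode=$(inode_of "$f")"
    if safe_to_relabel "$f"; then
        echo "would relabel"
    else
        echo "refused: nlink > 1"
    fi
    echo "other names for this inode:"
    other_links "$f" "$d"
    replace_by_rename "$f"
    echo "after rename: original inode=$(inode_of "$f")," \
         "attacker inode=$(inode_of "$d/attacker/resolv.conf")"
    rm -rf "$d"
}

demo
```

On a real system the practical step is the other_links lookup run from / (find / -xdev -samefile FILE); once the extra name is found, replacing the hard link with a copy or a symlink brings the count back to one and restorecon stops complaining.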