Mivz wrote:

> Chris PeBenito wrote:
>
>>> plain text document attachment (heimdal-LDAP.te)
>>>
>>> #/tmp/krb5cc
>>> allow user_t local_login_tmp_t:file { read lock append };
>>>
>>
> I added this rule because pam_krb5 inits the krbcc and thus causes
> the /tmp/krbcc to be in the wrong security context. Also kinit and
> kdestroy lose access to /tmp/krbcc because of this. Is this a
> pam_krb5 bug, because it creates the /tmp/krbcc file in the wrong
> context, or a selinux-kerberos bug, because it does not handle the
> /tmp/krbcc file correctly?

I had another thought about this. The krb5cc files are one of the most
important files for a kerberos client. It holds your identity. Losing
this file is like losing a part of your shadow file. So I think this
file should be highly protected. The current selinux-kerberos policy
does not do this. I think every user should have a separate selinux
context for his krb5cc file and each program needing access to this
should be specified in the selinux policy.
This would prevent miscellaneous software from reaching this file and
abusing your identity.
It would be something like user:object_r:krb5_cc_t. All programs
accessing it should have a file_type_auto_trans.
I would like to work on this, but I don't know if it has any use,
because of the new upcoming policy. Is this policy just different in being
modular and having to add dependencies like in the current
policy-server-policy, or are the basic macros and policy also going to
change so much that each policy has to be rewritten from scratch?
I also would like some comments on my idea for the krb5cc file.

--
gentoo-hardened@g.o mailing list
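
Added example, not part of the original message: a small audit that lists Kerberos credential caches whose SELinux type differs from a dedicated one, which is how the mislabelling described above (a cache left as local_login_tmp_t) would show up. The type name krb5_cc_t follows the suggestion in the message and is an assumption, the krb5cc file-name prefix is taken from the comment in the quoted rule, and the sample labels are constructed.

```python
import os

CCACHE_PREFIX = "krb5cc"     # from the "#/tmp/krb5cc" comment in the quoted rule
EXPECTED_TYPE = "krb5_cc_t"  # assumption: the dedicated type suggested in the message


def selinux_type(context):
    """Return the type field of a 'user:role:type[:level]' context, or None."""
    fields = context.rstrip("\x00").strip().split(":")
    return fields[2] if len(fields) >= 3 and fields[2] else None


def audit_labels(labelled, expected_type=EXPECTED_TYPE):
    """Return (path, found_type) for each credential cache not labelled expected_type.

    `labelled` is an iterable of (path, context) pairs; context is None when
    the file carries no SELinux label at all.
    """
    findings = []
    for path, context in labelled:
        if not os.path.basename(path).startswith(CCACHE_PREFIX):
            continue  # not a credential cache
        found = selinux_type(context) if context else None
        if found != expected_type:
            findings.append((path, found))
    return findings


def read_labels(directory="/tmp"):
    """Yield (path, context) pairs read from the security.selinux xattr (Linux only)."""
    for name in sorted(os.listdir(directory)):
        path = os.path.join(directory, name)
        try:
            raw = os.getxattr(path, "security.selinux", follow_symlinks=False)
            yield path, raw.decode("ascii", "replace")
        except OSError:  # no label, SELinux not in use, or the file vanished
            yield path, None


# Constructed sample labels, not taken from a real system.
SAMPLE = [
    ("/tmp/krb5cc_1000", "user_u:object_r:local_login_tmp_t"),
    ("/tmp/krb5cc_1001", "user_u:object_r:krb5_cc_t:s0\x00"),
    ("/tmp/krb5cc_1002", None),
    ("/tmp/ssh-agent.sock", "user_u:object_r:user_tmp_t"),
]

if __name__ == "__main__":
    for path, found in audit_labels(SAMPLE):
        print(f"{path}: type {found or 'unlabelled'}, expected {EXPECTED_TYPE}")
```

On a live system, pass `read_labels("/tmp")` to `audit_labels` instead of the sample list.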