| 1 |
Mivz wrote: |
| 2 |
|
| 3 |
> Chris PeBenito wrote: |
| 4 |
> |
| 5 |
>>> plain text document attachment (heimdal-LDAP.te) |
| 6 |
>>> |
| 7 |
>>> #/tmp/krb5cc |
| 8 |
>>> allow user_t local_login_tmp_t:file { read lock append }; |
| 9 |
>>> |
| 10 |
>> |
| 11 |
> I added this rule because pam_krb5 init's the krbcc and thus causes |
| 12 |
> the /tmp/krbcc to be in the wrong security context. Also kinit and |
| 13 |
> kdestroy loose access to /tmp/krbcc because of this. Is this a |
| 14 |
> pam_krb5 bug, because it creates the /tmp/krbcc file in the wrong |
| 15 |
> context, or a selinux-kerberos bug, because it does not handel the |
| 16 |
> /tmp/krbcc file correct? |
| 17 |
|
| 18 |
I had another thought about this. The krb5cc files are one of the most |
| 19 |
important files for a kerberos client. It holds your identity. Loosing |
| 20 |
this file is like loosing a part of your shadow file. So I think this |
| 21 |
file should be highly protected. The current selinux-kerberos policy |
| 22 |
does not do this. I think every user should have a separated selinux |
| 23 |
context for his krb5cc file and each program needing access to this |
| 24 |
should be specified in the selinux policy. |
| 25 |
This would prevent miscellaneous software for reaching this file and |
| 26 |
abusing your identity. |
| 27 |
It would be something like user:object_r:krb5_cc_t. Al programs |
| 28 |
accessing should have a file_type_auto_trans. |
| 29 |
I would like to work on this, but I don't know if it has any use, |
| 30 |
because of the new upcoming policy. Is this policy just different being |
| 31 |
modular and having to add dependency's like in the current |
| 32 |
policy-server-policy, or are the basic macros and policy also going to |
| 33 |
change that much that each policy has to be rewritten form scratch? |
| 34 |
I also would like some comment on my idee for the krb5cc file. |
| 35 |
|
| 36 |
-- |
| 37 |
gentoo-hardened@g.o mailing list |
Archives