Quote:
Originally Posted by SeijiSensei
How about trojans that are installed by the users themselves? I could be running a keyboard-grabber as an ordinary user that periodically sends the logs to a website all without violating any permissions.
What I don't know is how SE LInux applies to this. I'll say right now that I routinely set SELINUX to permissive (logs events, doesn't block anything) on RedHat-flavored boxes because it can be a real pain in the neck when enabled. Nevertheless I thought that, when enabled, SE Linux maintains an inventory of legitimate binaries and blocks the execution of ones not in the database. If so, that goes a long way toward preventing the accidental execution of some rogue program as an ordinary user. I may be talking out of my hat here, though.
|
SELinux in the stock configuration (at least with the targeted policy) from RH/Fedora wouldn't stop a user from running an executable in their home dir that can make TCP connections to some arbitrary host on the net. You could conceivably create a policy that denies users the ability to run executables in their home directories. You could also write a policy that denies applications the user runs from their home directory from making connections to hosts on the network.
Last I looked, creating SELinux policies was not fun. Not fun at all. There are domains, file labels, types, etc. that you have to deal with.
The default targeted policies in RH/Fedora are mainly there to restrict what daemons may or may not do. There is a policy that can allow/deny samba from sharing home directories, one that allows/denies apache from running cgi, etc. If someone were to compromise a daemon and run code in the daemon's context it should theoretically be limited in what it can do on the system.