From: cpebenito@tresys.com (Christopher J. PeBenito)
Date: Thu, 20 Aug 2009 12:01:39 -0400
Subject: [refpolicy] Allowing application to run bin_t
In-Reply-To: <200908201614.41402.Nicky726@gmail.com>
References: <200908201614.41402.Nicky726@gmail.com>
Message-ID: <1250784099.6222.15.camel@gorn.columbia.tresys.com>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

On Thu, 2009-08-20 at 16:14 +0200, Nicky726 wrote:
> When writing a policy for Konqueror I came across an issue
> of allowing it to run an application in bin_t (drkonqi).
>
> According to Dominick Grift it is no big deal to allow that
> (http://oss.tresys.com/pipermail/refpolicy/2009-August/001291.html)
>
> So is that considered safe and what would be possible
> security risks of allowing it?

The main risk is arbitrary code execution. Many system programs are
labeled bin_t, and konqueror would be able to execute any of them.
These programs are system binaries, so they should be safe to execute
(few domains can write to bin_t). They would still be constrained by
konqueror's domain, so the risk depends on how privileged konqueror is.

--
Chris PeBenito
Tresys Technology, LLC
(410) 290-1411 x150
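
An added illustration, not part of the original message: a small Python audit over `sesearch -A`-style allow rules that lists which types a domain may execute without a transition (`execute_no_trans`, so the program keeps the caller's domain) and which domains could write to those types. The rules are constructed, and `konqueror_t` and the other domain names are assumptions.

```python
import re

# Constructed sample in `sesearch -A` output style; konqueror_t and the other
# domain names are assumptions, not rules taken from a real policy.
SAMPLE_RULES = """\
allow konqueror_t bin_t:file { read getattr execute execute_no_trans };
allow konqueror_t bin_t:dir { getattr search };
allow konqueror_t user_home_t:file { read write create };
allow rpm_t bin_t:file { create write unlink relabelto };
allow sshd_t bin_t:file { read getattr execute };
allow konqueror_t shell_exec_t:file execute;
"""

RULE = re.compile(r"allow\s+(\S+)\s+(\S+):(\S+)\s+(?:\{([^}]*)\}|(\S+))\s*;")
WRITE_PERMS = {"write", "append", "create", "relabelto"}

def parse(text):
    """Yield (source, target, class, perms) for each single-type allow rule."""
    for m in RULE.finditer(text):
        perms = set((m.group(4) or m.group(5)).split())
        yield m.group(1), m.group(2), m.group(3), perms

def in_domain_exec(rules, domain):
    """Types `domain` may execute while staying in its own domain."""
    return sorted(t for s, t, c, p in rules
                  if s == domain and c == "file"
                  and {"execute", "execute_no_trans"} <= p)

def writers(rules, target):
    """Domains that could modify or replace files labeled `target`."""
    return sorted({s for s, t, c, p in rules
                   if t == target and c == "file" and p & WRITE_PERMS})

def audit(text, domain):
    """Map each in-domain executable type to the domains able to write it."""
    rules = list(parse(text))
    return {t: writers(rules, t) for t in in_domain_exec(rules, domain)}

if __name__ == "__main__":
    for exec_type, who in audit(SAMPLE_RULES, "konqueror_t").items():
        print(f"konqueror_t runs {exec_type} in-domain; writable by: {who}")
```

A short writer list for the executed type, together with a narrowly scoped caller domain, is what keeps this kind of rule low-risk.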