From: cpebenito@tresys.com (Christopher J. PeBenito)
Date: Thu, 20 Aug 2009 12:01:39 -0400
Subject: [refpolicy] Allowing aplication to run bin_t
In-Reply-To: <200908201614.41402.Nicky726@gmail.com>
References: <200908201614.41402.Nicky726@gmail.com>
Message-ID: <1250784099.6222.15.camel@gorn.columbia.tresys.com>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

On Thu, 2009-08-20 at 16:14 +0200, Nicky726 wrote:
> when writing a policy for Konqueror I came by to an issue 
> of allowing it to run an aplication in bin_t (drkonqi).
> 
> According to Dominick Grift it is no big deal to allow that
> (http://oss.tresys.com/pipermail/refpolicy/2009-
> August/001291.html)
> 
> So is that considered safe and what would be possible 
> security riscs of allowing it?

The main risk is arbitrary code execution.  Many system programs are
labeled bin_t, and konqueror would be able to execute any of them.
These programs are system binaries, so they should be safe to execute
(few domains can write to bin_t).  They would still be constrained by
konqueror's domain, so the risk depends on how privileged konqueror is.

-- 
Chris PeBenito
Tresys Technology, LLC
(410) 290-1411 x150