From: dominick.grift@gmail.com (Dominick Grift)
Date: Wed, 27 Jun 2012 19:13:59 +0200
Subject: [refpolicy] [PATCH v2]: fix packagekit file context (standard location for the daemon)
In-Reply-To: <1340816399.3001.8.camel@vortex>
References: <1340207771.3570.11.camel@vortex> <1340240971.2940.2.camel@vortex> <4FE9BCD9.7010307@tresys.com> <1340718653.12652.1.camel@x220.mydomain.internal> <4FE9C1CB.4060804@tresys.com> <1340739584.2840.2.camel@vortex> <1340739947.12652.7.camel@x220.mydomain.internal> <1340816399.3001.8.camel@vortex>
Message-ID: <1340817239.27654.5.camel@x220.mydomain.internal>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

On Wed, 2012-06-27 at 18:59 +0200, Guido Trentalancia wrote:
> a hijacked copy of
> policykitd installed in the other location would be able to run with the
> same permissions as the trusted packagekitd without the user noticing
> anything.

It would not have to be installed in the other location for it to be able to do damage. The same thing could also happen with a single location.

This is why it is important to only install packages from trusted sources. SELinux is no substitute for that imho.

Think about it: a distro like Fedora has modules for all kinds of services and applications, many of which you may not even have installed. Example:

# semanage fcontext -l | grep unconfined_exec_t
/usr/bin/vncserver                                 regular file       system_u:object_r:unconfined_exec_t:s0
/usr/sbin/xrdp                                     regular file       system_u:object_r:unconfined_exec_t:s0
/usr/sbin/xrdp-sesman                              regular file       system_u:object_r:unconfined_exec_t:s0
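The point above, that a policy ships file contexts for many paths that do not exist on a given machine, can be checked directly. The script below is an added example and is not part of the mail or of refpolicy: it reads `semanage fcontext -l` output on stdin, keeps the entries whose context type matches the one requested, and reports for each whether the path is actually present. The `SAMPLE_FCONTEXT` listing is constructed for offline use (it mirrors the three lines quoted in the mail plus one unrelated `bin_t` entry), and the optional root-prefix argument is an assumption of this example that lets it be run against a scratch tree; regex-style paths in real `semanage` output will simply be reported as absent.

```shell
#!/bin/sh
# Added example: audit which fcontext entries of a given type correspond
# to files that exist on this system.
# Real usage:  semanage fcontext -l | audit_fcontext_type unconfined_exec_t

# Constructed sample output, in the shape of `semanage fcontext -l`.
SAMPLE_FCONTEXT='/usr/bin/vncserver regular file system_u:object_r:unconfined_exec_t:s0
/usr/sbin/xrdp regular file system_u:object_r:unconfined_exec_t:s0
/usr/sbin/xrdp-sesman regular file system_u:object_r:unconfined_exec_t:s0
/usr/bin/somefile regular file system_u:object_r:bin_t:s0'

# audit_fcontext_type TYPE [ROOT]
# Reads fcontext lines on stdin; for each entry whose context type is TYPE,
# prints "present PATH" or "absent PATH". ROOT (assumed helper argument for
# this example) is prefixed to every path so a scratch tree can be audited.
audit_fcontext_type() {
    ctx_type="$1"
    root="${2:-}"
    while read -r path rest; do
        [ -n "$path" ] || continue
        case "$rest" in
            *":object_r:${ctx_type}:"*)
                if [ -e "${root}${path}" ]; then
                    echo "present $path"
                else
                    echo "absent $path"
                fi
                ;;
        esac
    done
}

# count_absent TYPE [ROOT]
# Number of TYPE-labelled paths that are not present (0 when all exist).
count_absent() {
    audit_fcontext_type "$1" "$2" | awk '/^absent /{n++} END{print n+0}'
}

# Stand-alone run over the constructed sample against the real filesystem.
printf '%s\n' "$SAMPLE_FCONTEXT" | audit_fcontext_type unconfined_exec_t
```

On a Fedora-style system the real listing is piped in instead of the sample; every `absent` line is a context rule for a binary that is not installed, which is exactly the situation the mail describes.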