From: pebenito@ieee.org (Chris PeBenito)
Date: Sun, 11 Dec 2016 15:12:56 -0500
Subject: [refpolicy] [PATCH] userdomain: do not execute temporary files
In-Reply-To: <1481469765.600.1.camel@trentalancia.net>
References: <1481469765.600.1.camel@trentalancia.net>
Message-ID: <0f079bc8-1cf3-3b38-5ec2-c195b73530a1@ieee.org>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

On 12/11/16 10:22, Guido Trentalancia via refpolicy wrote:
> Executing temporary files is unsafe and dangerous and it is
> also unneeded on normal systems, therefore this patch
> removes such permission from the user_t domain.
>
> Signed-off-by: Guido Trentalancia
> ---
> policy/modules/system/userdomain.if | 1 -
> 1 file changed, 1 deletion(-)
>
> --- refpolicy-git-07122016-orig/policy/modules/system/userdomain.if 2016-12-07 13:39:08.672449330 +0100
> +++ refpolicy-git-07122016/policy/modules/system/userdomain.if 2016-12-11 16:12:19.548933309 +0100
> @@ -812,7 +812,6 @@ template(`userdom_login_user_template',
> userdom_manage_tmp_role($1_r, $1_t)
> userdom_manage_tmpfs_role($1_r, $1_t)
>
> - userdom_exec_user_tmp_files($1_t)
> userdom_exec_user_home_content_files($1_t)
>
> userdom_change_password_template($1)

NAK. While there is some truth to this, this permission is limited to only files created by the user domain itself (as long as you have UBAC too). This wouldn't save someone from downloading, e.g. a trojan and executing it out of their home dir since they couldn't execute it out of /tmp.

-- 
Chris PeBenito
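Review bot: removing `userdom_exec_user_tmp_files($1_t)` unconditionally from `userdom_login_user_template` changes behaviour for every login user domain instantiated from the template, not only `user_t` as the commit message states, and the surrounding lines show that `userdom_exec_user_home_content_files($1_t)` is left in place, so the threat the message describes (executing untrusted content) is only narrowed, not removed. If the permission is to be dropped, gating the call behind a `tunable_policy` boolean rather than deleting it outright would keep the default restrictive while letting systems that execute user-generated temporary files opt back in, and the commit message should explain why the existing scope (the user's own tmp files under UBAC) is judged insufficient.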