From: pebenito@ieee.org (Chris PeBenito)
Date: Sun, 11 Dec 2016 15:12:56 -0500
Subject: [refpolicy] [PATCH] userdomain: do not execute temporary files
In-Reply-To: <1481469765.600.1.camel@trentalancia.net>
References: <1481469765.600.1.camel@trentalancia.net>
Message-ID: <0f079bc8-1cf3-3b38-5ec2-c195b73530a1@ieee.org>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

On 12/11/16 10:22, Guido Trentalancia via refpolicy wrote:
> Executing temporary files is unsafe and dangerous and it is
> also unneeded on normal systems, therefore this patch
> removes such permission from the user_t domain.
>
> Signed-off-by: Guido Trentalancia <guido@trentalancia.net>
> ---
>  policy/modules/system/userdomain.if |    1 -
>  1 file changed, 1 deletion(-)
>
> --- refpolicy-git-07122016-orig/policy/modules/system/userdomain.if	2016-12-07 13:39:08.672449330 +0100
> +++ refpolicy-git-07122016/policy/modules/system/userdomain.if	2016-12-11 16:12:19.548933309 +0100
> @@ -812,7 +812,6 @@ template(`userdom_login_user_template',
>  	userdom_manage_tmp_role($1_r, $1_t)
>  	userdom_manage_tmpfs_role($1_r, $1_t)
>
> -	userdom_exec_user_tmp_files($1_t)
>  	userdom_exec_user_home_content_files($1_t)
>
>  	userdom_change_password_template($1)

NAK.  While there is some truth to this, this permission is limited to 
only files created by the user domain itself (as long as you have UBAC 
too).  This wouldn't save someone from downloading, e.g. a trojan and 
executing it out of their home dir since they couldn't execute it out of 
/tmp.

-- 
Chris PeBenito