[CentOS] Odd failure of smbd to start from init.d - CentOS 5.4 - it's that fine SELinux

Whit Blauvelt whit at transpect.com
Wed May 26 03:09:35 UTC 2010


On Tue, May 25, 2010 at 10:03:38PM -0400, Jason Pyeron wrote:

> If you look at it as the two different commands, then they may have different
> permissions, owners, contexts, etc...
> 
> /bin/sh vs /etc/init.d/smb
> 
> I am just logically guessing here but ...

Let me follow your logic here. So the extra selinux labels differentiate
what /bin/sh, as a shell, calling the /etc/init.d/smb script, can do from
what /etc/init.d/smb, which in its first line invokes /bin/sh to run it, can
do. Okay, that sort of makes sense.

So with selinux, in general any script that selinux would stop from running
due to the script's own extra selinux file tags can be run if Evil Intruder
simply invokes the same script with its shell first - sh or perl or python
or whatever? That counts as security? Through what? The obscurity of this
devious workaround?

Whit


