[CentOS] Odd failure of smbd to start from init.d - CentOS 5.4 - it's that fine SELinux
Whit Blauvelt
whit at transpect.comWed May 26 03:09:35 UTC 2010
- Previous message: [CentOS] Odd failure of smbd to start from init.d - CentOS 5.4 - it's that fine SELinux
- Next message: [CentOS] Odd failure of smbd to start from init.d - CentOS 5.4 - it's that fine SELinux
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
On Tue, May 25, 2010 at 10:03:38PM -0400, Jason Pyeron wrote: > If you look at it as the two different commands, then they may have different > permissions, owners, contexts, etc... > > /bin/sh vs /etc/init.d/smb > > I am just logically guessing here but ... Let me follow your logic here. So the extra selinux labels differentiate what /bin/sh, as a shell, calling the /etc/init.d/smb script, can do from what /etc/init.d/smb, which in its first line invokes /bin/sh to run it, can do. Okay, that sort of makes sense. So with selinux, in general any script that selinux would stop from running due to the script's own extra selinux file tags can be run if Evil Intruder simply invokes the same script with its shell first - sh or perl or python or whatever? That counts as security? Through what? The obscurity of this devious workaround? Whit
- Previous message: [CentOS] Odd failure of smbd to start from init.d - CentOS 5.4 - it's that fine SELinux
- Next message: [CentOS] Odd failure of smbd to start from init.d - CentOS 5.4 - it's that fine SELinux
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
More information about the CentOS mailing list