Fwd: Re: [DSE-User] selinux and /sbin/init INIT_PROG feature

Thomas Hood jdthood at yahoo.co.uk
Thu Jan 12 13:06:14 UTC 2006


Thomas Bleher wrote:
> So while you can't disable it completely you can control it reasonably;
> I think from an SELinux POV it is OK to implement it - though of course
> it should be properly documented so people know about it.


Thanks for the reply.  I am forwarding a message I just sent to the submitter
of the INIT_PROG request.


> I have an idea.  Instead of allowing an arbitrary program path to be set, we allow
> a _suffix_ to be set.  "telinit -e INIT_SFX=foo ; telinit u" would cause init to exec
> "/sbin/init.foo".  Now, /sbin/init.foo can be a symlink to an executable on another
> filesystem, so this should provide the same capability as INIT_PROG; but because it
> is done via a symlink on the same filesystem as /sbin/init, the administrator has
> control over what init can exec.  If /sbin is on a read-only filesystem and there
> are no /sbin/init.* then the feature is effectively disabled.
> 
> I can see two possible pitfalls.  First, if /sbin/init.alt is a symlink to /alt/init
> and /sbin/init execs /sbin/init.alt, does this keep /sbin's filesystem busy?  If so
> then we can code init to use readlink(2) to get the target of /sbin/init.alt and
> exec that target instead of /sbin/init.alt itself.
> 
> Second, if /sbin/init execs /alt/init (via /sbin/init.alt) and /sbin is unmounted
> then /sbin/init.alt is no longer visible; so init will not be able to re-exec
> itself a second time.  Would this be a problem?


Any comments on this?
-- 
Thomas
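The following is an added illustration of the INIT_SFX scheme sketched in the forwarded message, written here as example code; it is not sysvinit's code and not something the thread's participants posted. It assumes the hypothetical names init_suffix_path(), resolve_exec_target() and demo_resolve_alt(), and the prefix "/sbin/init." from the message. The point it demonstrates is the control argument: a suffix containing '/' is refused, so the name init would exec is always confined to /sbin, and readlink(2) yields the link target (here the constructed "/alt/init") so that the target, not the /sbin/init.<sfx> link, is what gets executed.

```c
#define _XOPEN_SOURCE 700
#include <errno.h>
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

/* Hypothetical prefix for the INIT_SFX scheme: "/sbin/init." + suffix. */
#define INIT_PREFIX "/sbin/init."

/* Build "/sbin/init.<sfx>" into out.  Returns 0 on success, -1 if the suffix
 * is empty, contains '/', or does not fit.  Rejecting '/' is what keeps the
 * exec target inside /sbin, the filesystem the administrator controls. */
int init_suffix_path(const char *sfx, char *out, size_t outlen)
{
    if (sfx == NULL || *sfx == '\0')
        return -1;
    if (strchr(sfx, '/') != NULL)            /* no directory components */
        return -1;
    int n = snprintf(out, outlen, "%s%s", INIT_PREFIX, sfx);
    if (n < 0 || (size_t)n >= outlen)
        return -1;                           /* truncated: refuse, never exec a wrong name */
    return 0;
}

/* Resolve one level of symlink with readlink(2), as the message proposes,
 * so that the linked-to program is what gets exec'd.  A non-symlink path is
 * copied unchanged.  Relative link targets are rejected (design choice of
 * this example, to avoid resolving them relative to /sbin).  0 on success. */
int resolve_exec_target(const char *path, char *out, size_t outlen)
{
    ssize_t n = readlink(path, out, outlen - 1);
    if (n < 0) {
        if (errno == EINVAL) {               /* not a symlink: use path as-is */
            if (strlen(path) >= outlen)
                return -1;
            strcpy(out, path);
            return 0;
        }
        return -1;                           /* ENOENT etc.: no /sbin/init.* present */
    }
    out[n] = '\0';                           /* readlink does not NUL-terminate */
    if (out[0] != '/')
        return -1;
    return 0;
}

/* Self-contained demo: create a temporary directory holding a constructed
 * "init.alt" symlink to "/alt/init" (the name used in the message; the target
 * need not exist, readlink does not follow it), resolve it and clean up. */
int demo_resolve_alt(char *out, size_t outlen)
{
    char dir[] = "/tmp/initsfxXXXXXX";
    char link[PATH_MAX];
    int rc = -1;

    if (mkdtemp(dir) == NULL)
        return -1;
    snprintf(link, sizeof link, "%s/init.alt", dir);
    if (symlink("/alt/init", link) == 0) {
        rc = resolve_exec_target(link, out, outlen);
        unlink(link);
    }
    rmdir(dir);
    return rc;
}

int main(void)
{
    char path[PATH_MAX], target[PATH_MAX];

    if (init_suffix_path("foo", path, sizeof path) == 0)
        printf("INIT_SFX=foo -> exec %s\n", path);
    if (init_suffix_path("../../alt/init", path, sizeof path) != 0)
        printf("suffix containing '/' rejected\n");
    if (demo_resolve_alt(target, sizeof target) == 0)
        printf("init.alt -> %s\n", target);
    return 0;
}
```

Note that this resolves only one level of symlink; a chain of links would need the readlink loop repeated, or realpath(3), which the message does not discuss.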
