[rsbac] Trusted Path Execution and scripts

tazok tazok.id0 at gmail.com
Wed Jul 19 09:17:04 CEST 2006


Hello to all people in the mailing list, I'm planning to implement a
Trusted Path Execution based on the RC model. To do it I will create the
following fd_types:
normal_binaries, secoff_binaries, root_binaries and
whatever_you_want_binaries, and the same with libraries. These types will be the
only ones with access to the MAP_EXEC and EXECUTE privileges. For now all is
correct. The problem begins when the binaries perl, python and bash arrive
with their scripts (untrusted scripts). The solution I thought of was marking
those binaries with a new forced role such as perl_role or something like it and
removing all READ_OPEN and possibly all READ and READ_WRITE_OPEN privileges
from all compatible types like general_fd, maintaining them only in the
fd_type trusted_scripts, for example (at least I will try to do it with the first
two; the third is too problematic, as all programs will run with this forced
role if I'm not wrong).

I have no idea how to extend the TPE to bash. I can't do it by giving
the bash binary a forced role because it would act as a "wrapper" that
would change the roles of all users to this "bash_forced_role", and I can't
remove the READ_OPEN privilege from the general_fd of all roles because, if
I'm not wrong, all config files of all programs would need this privilege
(and each user has their own config files in their home directory).

Does someone know a possible solution to this? And
do you consider an untrusted bash script a significant enough menace to control
it?

If I'm wrong in some concept, please notify me. The same if you couldn't
understand something in this mail... Thank you very much to all.

One more thing: is there a norm or a "code of conduct" in the mailing
list that I must read and consequently follow?
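The dilemma the post describes (a forced role on an interpreter switches every caller into that role, and a right granted on general_fd cannot tell a user's config file apart from an untrusted script of the same type) can be made concrete with a toy model of the RC decision logic. The code below is an added example written for this page, not RSBAC code and not the poster's configuration: the class, the role names (user_role, perl_role, bash_role), the paths and the policy are all constructed here, only the fd_type names and the request names EXECUTE, MAP_EXEC and READ_OPEN are taken from the post, and the real RSBAC admin tools are not involved.

```python
"""Toy model of RSBAC RC decisions as discussed in the post (example code).

Every file carries an fd_type, a process runs under one role, a role holds a
set of granted requests per fd_type, and a binary with a forced role switches
the caller to that role on exec. All names below are constructed for the
example; only the fd_type and request names come from the post.
"""

EXECUTE, MAP_EXEC, READ_OPEN = "EXECUTE", "MAP_EXEC", "READ_OPEN"


class RcPolicy:
    def __init__(self):
        self.rights = {}        # (role, fd_type) -> set of granted requests
        self.fd_type = {}       # path -> fd_type
        self.forced_role = {}   # path -> role the process switches to on exec
        self.default_type = "general_fd"   # unlabelled files fall back here

    def grant(self, role, fd_type, *requests):
        self.rights.setdefault((role, fd_type), set()).update(requests)

    def label(self, path, fd_type, forced_role=None):
        self.fd_type[path] = fd_type
        if forced_role:
            self.forced_role[path] = forced_role

    def type_of(self, path):
        return self.fd_type.get(path, self.default_type)

    def allowed(self, role, path, request):
        # RC decides on (role, type of the target), never on the path itself.
        return request in self.rights.get((role, self.type_of(path)), set())

    def execute(self, role, path):
        """Role the process runs under after exec, or None if exec is denied."""
        if not (self.allowed(role, path, EXECUTE) and self.allowed(role, path, MAP_EXEC)):
            return None
        return self.forced_role.get(path, role)


def build_policy():
    """TPE policy from the post: only trusted binary types may be executed."""
    p = RcPolicy()
    p.grant("user_role", "normal_binaries", EXECUTE, MAP_EXEC)
    p.grant("user_role", "general_fd", READ_OPEN)        # users still read their own files
    p.grant("user_role", "trusted_scripts", READ_OPEN)
    # The interpreter's forced role may open only files of type trusted_scripts.
    p.grant("perl_role", "trusted_scripts", READ_OPEN)
    p.label("/usr/bin/perl", "normal_binaries", forced_role="perl_role")
    p.label("/bin/bash", "normal_binaries")
    p.label("/usr/share/trusted/report.pl", "trusted_scripts")
    # Anything dropped into a home directory keeps the default general_fd type.
    return p


def tpe_checks(p):
    """The part that works: native TPE plus a forced role for perl."""
    return {
        "exec_untrusted_binary": p.execute("user_role", "/home/alice/dropper"),   # None: denied
        "exec_perl": p.execute("user_role", "/usr/bin/perl"),                     # "perl_role"
        "perl_reads_trusted": p.allowed("perl_role", "/usr/share/trusted/report.pl", READ_OPEN),
        "perl_reads_untrusted": p.allowed("perl_role", "/home/alice/script.pl", READ_OPEN),
    }


def bash_variant(read_general_fd):
    """The part that does not work: give bash a forced role and pick either
    granting or withholding READ_OPEN on general_fd for that role."""
    p = build_policy()
    p.label("/bin/bash", "normal_binaries", forced_role="bash_role")
    p.grant("bash_role", "trusted_scripts", READ_OPEN)
    if read_general_fd:
        p.grant("bash_role", "general_fd", READ_OPEN)
    role = p.execute("user_role", "/bin/bash")   # every caller now runs as bash_role
    return {
        "role_after_exec": role,
        # ~/.bashrc and an untrusted script share the type general_fd, so one
        # right decides both: withhold it and the shell cannot read its config,
        # grant it and the shell reads any script a user can write.
        "reads_bashrc": p.allowed(role, "/home/alice/.bashrc", READ_OPEN),
        "reads_untrusted_script": p.allowed(role, "/home/alice/run.sh", READ_OPEN),
    }


if __name__ == "__main__":
    print(tpe_checks(build_policy()))
    print("bash, no READ_OPEN on general_fd:", bash_variant(False))
    print("bash, READ_OPEN on general_fd:   ", bash_variant(True))
```

The model makes the structural point visible: because an RC decision is a function of (role, fd_type), separating "config file" from "untrusted script" inside one type by adjusting rights is impossible; the two would need distinct types, which is why the post's trusted_scripts type helps for perl but the forced role on bash still pulls every user into one role.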

