Fedora and pkexec
Fedora and pkexec
Posted Feb 7, 2022 3:45 UTC (Mon) by flussence (guest, #85566)In reply to: Fedora and pkexec by bartoc
Parent article: Fedora and pkexec
SELinux is more of a bandage than a cure. The root problem here (excuse the pun) is full suid-bit privilege auth programs being necessary for going between any two lesser privilege levels, the general flow being [regular user -> unrestricted setuid 0 binary handling auth -> privileged filehandles/capabilities]. I'm not sure how to fix that, but it does seem like there's something we could be doing fundamentally better and not just "write C code more carefully".
Posted Feb 8, 2022 8:09 UTC (Tue)
by bartoc (guest, #124262)
[Link]
For things that are less general than pkexec/sudo something like selinux can reduce them from "full suid" a little bit.
And yeah, SELinux is absolutely (and always) a bandage rather than a cure. It's a defense in depth measure. It can do a good job stopping the bleeding though.
Fedora and pkexec
I think the solution is "make it easier to write correct suid programs", provide tools to correctly clear the environment and so forth.