treasy
No user record in our sample, but treasy has activity below (stories or comments). Likely we have partial data — the full bulk-load will fill profiles in.
No user record in our sample, but treasy has activity below (stories or comments). Likely we have partial data — the full bulk-load will fill profiles in.
SELinux is overly complicated, but it’s not hard to at least grasp the basics The amount of people confusing DAC and MAC is concerning. You’ve done an excellent job explaining the topic.
Those files would be editable by something in the sysadm_t domain which is by default the domain of the root user after a successful authentication This backdoor does not bypass remote authentication so it should be…
Selinux domains are uncoupled from Linux users. If sshd does not have Selinux permissions to edit those files it will simply be denied. Even if sshd is run as root
libselinux is the userspace tooling for selinux, it is irrelevant to this specific discussion as the backdoor does not target selinux in any way, and sshd does not have the capabilities required to make use of the…
If you look at the diagram of privsep, the authentication process is part of the privileged binary, which is where this RCE lives http://www.citi.umich.edu/u/provos/ssh/priv.jpg
You can definitely prevent a lot of file/executable accesses via SELinux by running sshd in the default sshd_t or even customizing your own sshd domain and preventing sshd from being able to run binaries in its own…