The attached patch fixes incorrect behavior in sepgsql_enable_users_ddl.

The current policy allows users/unprivs to run ALTER TABLE statement
unconditionally, because db_table/db_column:{setattr} is allowed outside
of the boolean. It should be moved to conditional section.

In addition, they are also allowed db_procedure:{create drop setattr}
on xxxx_sepgsql_proc_exec_t, which means we allow them to create, drop
or alter the definition of functions unconditionally. So it also should
be moved to the conditional section.

The postgresql.te allows sepgsql_client_type to modify sepgsql_table_t
and sepgsql_sysobj_t when sepgsql_enable_users_ddl is enabled, but
it should not be allowed.

KaiGai Kohei
This commit is contained in:
Chris PeBenito 2009-05-21 11:49:33 +00:00
parent a01a4a7183
commit e0ea7b15ca
2 changed files with 9 additions and 13 deletions


@ -46,21 +46,22 @@ interface(`postgresql_role',`
# #
tunable_policy(`sepgsql_enable_users_ddl',` tunable_policy(`sepgsql_enable_users_ddl',`
allow $2 user_sepgsql_table_t:db_table { create drop }; allow $2 user_sepgsql_table_t:db_table { create drop setattr };
allow $2 user_sepgsql_table_t:db_column { create drop }; allow $2 user_sepgsql_table_t:db_column { create drop setattr };
allow $2 user_sepgsql_sysobj_t:db_tuple { update insert delete }; allow $2 user_sepgsql_sysobj_t:db_tuple { update insert delete };
allow $2 user_sepgsql_proc_exec_t:db_procedure { create drop setattr };
') ')
allow $2 user_sepgsql_table_t:db_table { getattr setattr use select update insert delete lock }; allow $2 user_sepgsql_table_t:db_table { getattr use select update insert delete lock };
allow $2 user_sepgsql_table_t:db_column { getattr setattr use select update insert }; allow $2 user_sepgsql_table_t:db_column { getattr use select update insert };
allow $2 user_sepgsql_table_t:db_tuple { use select update insert delete }; allow $2 user_sepgsql_table_t:db_tuple { use select update insert delete };
type_transition $2 sepgsql_database_type:db_table user_sepgsql_table_t; type_transition $2 sepgsql_database_type:db_table user_sepgsql_table_t;
allow $2 user_sepgsql_sysobj_t:db_tuple { use select }; allow $2 user_sepgsql_sysobj_t:db_tuple { use select };
type_transition $2 sepgsql_sysobj_table_type:db_tuple user_sepgsql_sysobj_t; type_transition $2 sepgsql_sysobj_table_type:db_tuple user_sepgsql_sysobj_t;
allow $2 user_sepgsql_proc_exec_t:db_procedure { create drop getattr setattr execute }; allow $2 user_sepgsql_proc_exec_t:db_procedure { getattr execute };
type_transition $2 sepgsql_database_type:db_procedure user_sepgsql_proc_exec_t; type_transition $2 sepgsql_database_type:db_procedure user_sepgsql_proc_exec_t;
allow $2 user_sepgsql_blob_t:db_blob { create drop getattr setattr read write }; allow $2 user_sepgsql_blob_t:db_blob { create drop getattr setattr read write };
@ -347,6 +348,7 @@ interface(`postgresql_unpriv_client',`
allow $1 unpriv_sepgsql_table_t:db_table { create drop setattr }; allow $1 unpriv_sepgsql_table_t:db_table { create drop setattr };
allow $1 unpriv_sepgsql_table_t:db_column { create drop setattr }; allow $1 unpriv_sepgsql_table_t:db_column { create drop setattr };
allow $1 unpriv_sepgsql_sysobj_t:db_tuple { update insert delete }; allow $1 unpriv_sepgsql_sysobj_t:db_tuple { update insert delete };
allow $1 unpriv_sepgsql_proc_exec_t:db_procedure { create drop setattr };
') ')
allow $1 unpriv_sepgsql_table_t:db_table { getattr use select update insert delete lock }; allow $1 unpriv_sepgsql_table_t:db_table { getattr use select update insert delete lock };
@ -357,7 +359,7 @@ interface(`postgresql_unpriv_client',`
allow $1 unpriv_sepgsql_sysobj_t:db_tuple { use select }; allow $1 unpriv_sepgsql_sysobj_t:db_tuple { use select };
type_transition $1 sepgsql_sysobj_table_type:db_tuple unpriv_sepgsql_sysobj_t; type_transition $1 sepgsql_sysobj_table_type:db_tuple unpriv_sepgsql_sysobj_t;
allow $1 unpriv_sepgsql_proc_exec_t:db_procedure { create drop getattr setattr execute }; allow $1 unpriv_sepgsql_proc_exec_t:db_procedure { getattr execute };
type_transition $1 sepgsql_database_type:db_procedure unpriv_sepgsql_proc_exec_t; type_transition $1 sepgsql_database_type:db_procedure unpriv_sepgsql_proc_exec_t;
allow $1 unpriv_sepgsql_blob_t:db_blob { create drop getattr setattr read write }; allow $1 unpriv_sepgsql_blob_t:db_blob { create drop getattr setattr read write };
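Review bot: The unchanged `allow $2 user_sepgsql_blob_t:db_blob { create drop getattr setattr read write };` at the end of the postgresql_role hunk (and its unpriv_sepgsql_blob_t counterpart at the end of the third hunk) still grants create/drop/setattr unconditionally, while the same permissions on db_table, db_column and db_procedure are now gated by sepgsql_enable_users_ddl. If large objects are deliberately treated as data rather than DDL that is fine, but nothing in the policy text says so, and a reader comparing the two blocks will reasonably ask whether the blob line was simply missed. I would add a one-line comment above each tunable_policy block recording the rule the commit message states, e.g. `# setattr corresponds to ALTER TABLE/FUNCTION, so it is DDL and belongs under sepgsql_enable_users_ddl`, and a second line noting whether db_blob create/drop/setattr is intentionally outside the boolean. The bodies of interface(`postgresql_role') and interface(`postgresql_unpriv_client') begin before and continue after these hunks, so I cannot see whether such a comment already exists elsewhere in them.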


@ -1,5 +1,5 @@
policy_module(postgresql, 1.8.5) policy_module(postgresql, 1.8.6)
gen_require(` gen_require(`
class db_database all_db_database_perms; class db_database all_db_database_perms;
@ -338,12 +338,6 @@ allow sepgsql_client_type sepgsql_secret_blob_t:db_blob getattr;
# Therefore, the following rule is applied for any domains which can connect SE-PostgreSQL. # Therefore, the following rule is applied for any domains which can connect SE-PostgreSQL.
dontaudit { postgresql_t sepgsql_client_type sepgsql_unconfined_type } { sepgsql_table_type -sepgsql_sysobj_table_type }:db_tuple { use select update insert delete }; dontaudit { postgresql_t sepgsql_client_type sepgsql_unconfined_type } { sepgsql_table_type -sepgsql_sysobj_table_type }:db_tuple { use select update insert delete };
tunable_policy(`sepgsql_enable_users_ddl',`
allow sepgsql_client_type sepgsql_table_t:db_table { create drop setattr };
allow sepgsql_client_type sepgsql_table_t:db_column { create drop setattr };
allow sepgsql_client_type sepgsql_sysobj_t:db_tuple { update insert delete };
')
######################################## ########################################
# #
# Unconfined access to this module # Unconfined access to this module