Date: Tue, 30 Sep 2003 08:40:45 -0700 (PDT) From: Andrew Reisse <areisse@FreeBSD.org> To: Perforce Change Reviews <perforce@freebsd.org> Subject: PERFORCE change 38890 for review Message-ID: <200309301540.h8UFej3S092829@repoman.freebsd.org>
http://perforce.freebsd.org/chv.cgi?CH=38890 Change 38890 by areisse@areisse_tislabs on 2003/09/30 08:39:52 Allow limited remote command execution from sshd. Initial policy for cvs. To use the "secure" cvs, it must be accessed from ssh via a repository specification such as :ext:localhost:/cvs. Repositories must be labelled with user_cvsrep_t or similar. Affected files ... .. //depot/projects/trustedbsd/sebsd_policy/policy/domains/program/ssh.te#5 edit .. //depot/projects/trustedbsd/sebsd_policy/policy/domains/program/unused/cvs.te#1 add .. //depot/projects/trustedbsd/sebsd_policy/policy/file_contexts/program/cvs.fc#1 add .. //depot/projects/trustedbsd/sebsd_policy/policy/file_contexts/types.fc#3 edit .. //depot/projects/trustedbsd/sebsd_policy/policy/macros/global_macros.te#4 edit .. //depot/projects/trustedbsd/sebsd_policy/policy/macros/program/cvs_macros.te#1 add .. //depot/projects/trustedbsd/sebsd_policy/policy/macros/program/ssh_macros.te#4 edit Differences ... ==== //depot/projects/trustedbsd/sebsd_policy/policy/domains/program/ssh.te#5 (text+ko) ==== 
@@ -204,3 +204,24 @@
# Everything else is in the ssh_domain macro in
# macros/program/ssh_macros.te.
+# Transitory domain to run cvs from sshd
+ifdef(`cvs.te',`
+type sshd_user_shell_t, domain;
+domain_auto_trans(sshd_t, shell_exec_t, sshd_user_shell_t)
+domain_auto_trans(sshd_user_shell_t, cvs_exec_t, user_cvs_rw_t)
+role system_r types sshd_user_shell_t;
+role system_r types user_cvs_rw_t;
+
+allow sshd_user_shell_t { self sshd_t }:fd { create use };
+allow sshd_user_shell_t { sbin_t bin_t home_root_t user_home_dir_t usr_t etc_t }:dir search;
+allow sshd_user_shell_t etc_t:file r_file_perms;
+allow sshd_user_shell_t { sbin_t bin_t }:file rx_file_perms;
+allow sshd_user_shell_t { sbin_t bin_t }:file execute_no_trans;
+
+uses_shlib(sshd_user_shell_t)
+
+allow sshd_user_shell_t user_home_t:file r_file_perms;
+allow sshd_user_shell_t { user_home_dir_t user_home_t }:dir r_dir_perms;
+
+allow user_cvs_rw_t sshd_t:fd use;
+')
==== //depot/projects/trustedbsd/sebsd_policy/policy/file_contexts/types.fc#3 (text+ko) ====
@@ -84,8 +84,8 @@
/home/[^/]+ -d system_u:object_r:user_home_dir_t
/home/[^/]+/.+ system_u:object_r:user_home_t
/usr/home system_u:object_r:home_root_t
-/home/[^/]+ -d system_u:object_r:user_home_dir_t
-/home/[^/]+/.+ system_u:object_r:user_home_t
+/usr/home/[^/]+ -d system_u:object_r:user_home_dir_t
+/usr/home/[^/]+/.+ system_u:object_r:user_home_t
#
# Other staff home directories, replace "jadmin" with appropriate name
==== //depot/projects/trustedbsd/sebsd_policy/policy/macros/global_macros.te#4 (text+ko) ====
@@ -706,7 +706,7 @@
# Access file descriptions, pipes, and sockets
# created by processes in the same domain.
allow $1 self:fd *;
-allow $1 self:fifo_file rw_file_perms;
+allow $1 self:fifo_file { poll rw_file_perms };
allow $1 self:unix_dgram_socket create_socket_perms;
allow $1 self:unix_stream_socket create_stream_socket_perms;
==== //depot/projects/trustedbsd/sebsd_policy/policy/macros/program/ssh_macros.te#4 (text+ko) ====
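Review bot: The pair `allow sshd_user_shell_t { sbin_t bin_t }:file rx_file_perms;` and `allow sshd_user_shell_t { sbin_t bin_t }:file execute_no_trans;` lets the transitory shell run any binary labelled bin_t or sbin_t inside its own domain, so the command execution sshd hands out here is not limited to cvs despite the "Transitory domain to run cvs from sshd" comment; the only intended exit from the domain appears to be the `domain_auto_trans(sshd_user_shell_t, cvs_exec_t, user_cvs_rw_t)` line. Unless a specific helper binary is known to be required, drop the `execute_no_trans` line and reduce the bin_t/sbin_t file rule to `r_file_perms`, or else list the required helpers in a comment such as `# only cvs_exec_t is meant to be executed from here; bin_t/sbin_t are read-only`. The `domain_auto_trans(sshd_t, shell_exec_t, sshd_user_shell_t)` rule is keyed on shell_exec_t alone, so if sshd ever execs a login shell without first setting an explicit exec context, that session would presumably land in this restricted domain instead of the user's, which the comment should state as an assumption. `allow sshd_user_shell_t user_home_t:file r_file_perms;` also gives the domain read access to everything under a home directory as labelled by the types.fc hunk in this change, which would include the user's ssh keys unless those carry a separate type; worth confirming. Since cvs.te is added under domains/program/unused/, this ifdef block is presumably inert until that file is moved, and the header comment could say so.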
@@ -128,6 +128,8 @@
allow $1_ssh_t $1_tty_device_t:chr_file { poll rw_file_perms };
allow $1_ssh_t $1_devpts_t:chr_file { poll rw_file_perms };
+allow $1_ssh_t $1_t:fifo_file poll;
+
# Allow the user shell to signal the ssh program.
allow $1_t $1_ssh_t:process signal;
# allow ps to show ssh
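Review bot: The new `allow $1_ssh_t $1_t:fifo_file poll;` carries no comment explaining why the user's ssh client must poll pipes owned by the user domain, while the neighbouring rules in this hunk are each explained; per the change description this is presumably cvs driving ssh over :ext: through pipes, so I would add `# cvs (:ext:) drives ssh through pipes created in $1_t; ssh must poll them` above the line. Only poll is granted here, so the read/write access on $1_t:fifo_file that it pairs with must come from a rule outside this hunk; confirm that rule exists rather than assuming this line is sufficient. The enclosing macro begins outside the hunk.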