[tomoyo-users 927] tomoyo-sortpolicy

Discussion:

早間義博

2011-11-08 01:52:07 UTC

$BAa4V$G$9!#(B
tomoyo-tools-2.4.0_p20110929 $B$r;HMQ$7$F$$$^$9!#(B

$B7GBj$N(Btomoyo-sortpolicy $B$N5!G=$G$9$,(B
$B!V(Btomoyo-sortpolicy $B=hM}A0!W(B
$B$N$h$&$KF10l%I%a%$%s$,(B2$B0J>e$"$k(B domain_policy.conf $B$r(B
tomoyo-sortpolicy $B$GJB$SBX$($?>l9g(B
$B!V(Btomoyo-sortpolicy $B=hM}8e!W(B
$B$N$h$&$K(B
(1) $BF1$8%I%a%$%s$,$"$k>l9g$O0l$D$N%I%a%$%s$@$1$,;D$k!#(B
(2) $B>e5-$N>l9g!"F10l$N%I%a%$%s$KB0$9$k%I%a%$%s%G!<%?$O;D$5$l$k0l$D(B
$B$N%I%a%$%s$K=8$a$i$l$k!#(B
$B$^$?!"0lHLE*$K!"(B
(3) $BF10l%I%a%$%sFb$G$O=EJ#$9$kDj5A$O0l$D$@$1;D$7!"B>$O:o=|$5$l$k!#(B
(4) $BB>$***@_Dj$KJq4^$5$l$k$HH=CG$5$l$?%G!<%?$O:o=|$5$l$k!#(B
$B$H9M$($FNI$$$G$9$+!#(B

tomoyo-sortpolicy $B=hM}A0(B
---------------------------- $B$3$3$+$i(B ---------------------------
<kernel> /usr/local/bin/mycommand

file read /etc/passwd
file read /var/tmp/\*

.
.

<kernel> /usr/local/bin/mycommand

file read /tmp/\*
file read /var/tmp/mycommand.tmp
---------------------------- $B$3$3$^$G(B ---------------------------

tomoyo-sortpolicy $B=hM}8e(B
---------------------------- $B$3$3$+$i(B ---------------------------
<kernel> /usr/local/bin/mycommand

file read /etc/passwd
file read /var/tmp/\*
file read /tmp/\*

.
.
---------------------------- $B$3$3$^$G(B ---------------------------

-- $BAa4V(B

Tetsuo Handa

2011-11-08 08:17:32 UTC

Permalink

TOMOYO $B%+!<%M%k$K$*$1$k%I%a%$%s$N07$$J}$O(B Linux $B>e$G$N%U%!%$%kA`:n$HF1MM$K(B
$B9M$($F$/$@$5$$!#(B

<kernel> /usr/local/bin/mycommand $B$H$$$&9T$r=q$-9~$`$N$O!"(B
open("<kernel> /usr/local/bin/mycommand", O_CREAT | O_RDWR, 0666) $B$KAjEv(B
$B$7$^$9!#(B open() $B$K(B O_CREAT $B$rEO$7$?>l9g!"$=$N%U%!%$%k$,B8:_$7$J$1$l$P:***@.$7$?(B
$B>e$G%*!<%W%s$7!"4{$KB8:_$9$k>l9g$K$O$=$N%U%!%$%k$r%*!<%W%s$7$^$9!#%I%a%$%s$K(B
$B$D$$$F$bF1MM$G!"$=$N%I%a%$%s$,B8:_$7$J$1$l$P:***@.$7$?>e$GA*Br$7!"4{$KB8:_$9$k(B
$B>l9g$K$O$=$N%I%a%$%s$rA*Br$7$^$9!#(B

select <kernel> /usr/local/bin/mycommand $B$H$$$&9T$r=q$-9~$`$N$O!"(B
open("<kernel> /usr/local/bin/mycommand", O_RDWR) $B$KAjEv$7$^$9!#(B
open() $B$K(B O_CREAT $B$rEO$5$J$$>l9g!"$=$N%U%!%$%k$,B8:_$7$J$1$l$P%*!<%W%s(B
$B$5$l$^$;$s!#%I%a%$%s$K$D$$$F$bF1MM$G!"$=$N%I%a%$%s$,B8:_$7$J$1$l$PA*Br(B
$B$5$l$^$;$s!#(B

delete <kernel> /usr/local/bin/mycommand $B$H$$$&9T$r=q$-9~$`$N$O!"(B
unlink("<kernel> /usr/local/bin/mycommand") $B$KAjEv$7$^$9!#$=$N%U%!%$%k$,(B
$BB8:_$7$F$$$l$P:o=|$5$l$^$9$7!"B8:_$7$J$1$l$P:o=|$5$l$^$;$s!#%U%!%$%k$,:o=|(B
$B$5$l$kA0$KMxMQ$r3+;O$7$?%W%m%;%9$O!"$=$N%U%!%$%k$NMxMQ$r=*N;$9$k!J%U%!%$%k$r(B
$BJD$8$k!K$^$G$O!"%U%!%$%k$,:o=|$5$l$?8e$G$b7QB3$7$FMxMQ$9$k$3$H$,$G$-$^$9!#(B
$B%I%a%$%s$K$D$$$F$bF1MM$G!"$=$N%I%a%$%s$,B8:_$7$F$$$l$P:o=|$5$l$^$9$7!"B8:_(B
$B$7$J$1$l$P:o=|$5$l$^$;$s!#%I%a%$%s$,:o=|$5$l$kA0$K$=$N%I%a%$%s$KE~C#$7$?(B
$B%W%m%;%9$O!"$=$N%I%a%$%s$+$i5n$k!J%W%m%;%9$,=*N;$9$k$+B>$N%I%a%$%s$XA+0\$9$k!K(B
$B$^$G$O!"%I%a%$%s$,:o=|$5$l$?8e$G$b7QB3$7$FMxMQ$9$k$3$H$,$G$-$^$9!#(B

unlink("<kernel> /usr/local/bin/mycommand") $B$KB3$1$F(B
open("<kernel> /usr/local/bin/mycommand", O_CREAT | O_RDWR, 0666) $B$r9T$C$?(B
$B>l9g!"(B unlink() $B$5$l$kA0$K(B open() $B$5$l$?%U%!%$%k$rMxMQ$7$F$$$k%W%m%;%9(B
$B!J(B pid $B$,(B 100 $B$H2>Dj$7$^$9!K$H!"(B unlink() $B$5$l$?8e$K(B open() $B$5$l$?%U%!%$%k$r(B
$BMxMQ$7$F$$$k%W%m%;%9!J(B pid $B$,(B 200 $B$H2>Dj$7$^$9!K$H$G$O!"%U%!%$%kL>$OF1$8$G$b(B
$B0[$J$k%U%!%$%k$rMxMQ$7$F$$$k$3$H$K$J$j$^$9!#$3$N$h$&$J>l9g$K(B pid $B$,(B 100 $B$N(B
$B%W%m%;%9$,MxMQ$7$F$$$k%U%!%$%k$KE~C#$9$k$?$a$K$O!"(B
open("<kernel> /usr/local/bin/mycommand", O_CREAT | O_RDWR, 0666) $B$NBe$o$j$K(B
open("/proc/100/fd/$B?t;z(B", O_RDWR, 0666) $B$N$h$&$K<B9T$7$^$9!#(B
$B%I%a%$%s$K$D$$$F$bF1MM$G!"(B
delete <kernel> /usr/local/bin/mycommand $B$H$$$&9T$r=q$-9~$`A0$K(B
<kernel> /usr/local/bin/mycommand $B%I%a%$%s$KE~C#$7$?%W%m%;%9!J(B pid $B$,(B 300 $B$H(B
$B2>Dj$7$^$9!K$N%]%j%7!<$KE~C#$7$?$$>l9g!"(B
select <kernel> /usr/local/bin/mycommand $B$NBe$o$j$K(B select pid=300 $B$N$h$&$K(B
$B<B9T$7$^$9!#(B

TOMOYO $B%+!<%M%k$K$*$1$k%"%/%;%95v2D$NDI2C$d:o=|$O!":9J,;XDj$K$h$j9T$$$^$9!#(B
$B%U%!%$%k$rJT=8$9$k:]$K$O$^$:(B open() $B$G%U%!%$%k$r%*!<%W%s$9$k$N$HF1MM$K!"(B
$B%I%a%$%s$N%"%/%;%95v2D$rJT=8$9$k$K$O$^$:(B
<kernel> /usr/local/bin/mycommand $B$d(B
select <kernel> /usr/local/bin/mycommand $B$H$$$&9T$r=q$-9~$s$G$=$N%I%a%$%s$r(B
$BA*Br$7$^$9!#$=$N8e!"$=$N%I%a%$%s$KBP$7$F%(%s%H%j$NDI2C$d:o=|$r9T$$$^$9!#(B
$B$=$N:]!"4{$KB8:_$9$k%(%s%H%j$HF1$8$b$N$rDI2C$7$h$&$H$7$F$bDI2C$5$l$^$;$s!#(B
$B$^$?!"B8:_$7$J$$%(%s%H%j$r:o=|$7$h$&$H$7$F$b:o=|$5$l$^$;$s!#(B
$B4{$KB8:_$7$F$$$?$j!"4{$K:o=|$5$l$F$$$?>l9g$G$b!"%(%i!<$K$O$J$j$^$;$s$N$G!"(B
$BF1$8=hM}$r#12s$7$F$b#22s0J>e$7$F$bF1$87k2L$,F@$i$l$^$9!#(B

$BAa4V5AGn(B $B$5$s$O=q$-$^$7$?!'(B

Post by æ©éç¾©å
(2) $B>e5-$N>l9g!"F10l$N%I%a%$%s$KB0$9$k%I%a%$%s%G!<%?$O;D$5$l$k0l$D(B
$B$N%I%a%$%s$K=8$a$i$l$k!#(B

tomoyo-sortpolicy $B$d(B tomoyo-editpolicy $B$OA0=R$N%+!<%M%k$,9T$&F0:n$r??;w(B
$B$7$^$9!#$=$N$?$a!"(B <kernel> /usr/local/bin/mycommand $B$H$$$&9T$,J#?t2sEP>l$7$?(B
$B>l9g!"#18D$K%^!<%8$7$^$9!#(B

Post by æ©éç¾©å
$B$^$?!"0lHLE*$K!"(B

$B$O$$!#(B
$B$=$N$h$&$J5!G=$O(B tomoyo-sortpolicy $B$K$O$"$j$^$;$s!#!J!0#x!0!((B

Post by æ©éç¾©å
$B$H9M$($FNI$$$G$9$+!#(B
tomoyo-sortpolicy $B=hM}A0(B
---------------------------- $B$3$3$+$i(B ---------------------------
<kernel> /usr/local/bin/mycommand
file read /etc/passwd
file read /var/tmp/\*
.
.
<kernel> /usr/local/bin/mycommand
file read /tmp/\*
file read /var/tmp/mycommand.tmp
---------------------------- $B$3$3$^$G(B ---------------------------
tomoyo-sortpolicy $B=hM}8e(B
---------------------------- $B$3$3$+$i(B ---------------------------
<kernel> /usr/local/bin/mycommand
file read /etc/passwd
file read /var/tmp/\*
file read /tmp/\*

$B$3$3$K(B file read /var/tmp/mycommand.tmp $B$,H4$1$F$$$^$;$s$+!)(B

Post by æ©éç¾©å
.
.
---------------------------- $B$3$3$^$G(B ---------------------------

早間義博

2011-11-09 14:08:09 UTC

Permalink

$BAa4V$G$9!#(B
$B$"$j$,$H$&$4$6$$$^$9!#(B
domain_policy.conf $B$r=$@5$9$k2]Dx$G(B tomoyo-sortpolicy $B$rET9gNI$/9M(B
$B$($9$.$F$$$?$h$&$G$9!#(B

-- $BAa4V(B

Post by Tetsuo Handa
TOMOYO $B%+!<%M%k$K$*$1$k%I%a%$%s$N07$$J}$O(B Linux $B>e$G$N%U%!%$%kA`:n$HF1MM$K(B
<kernel> /usr/local/bin/mycommand $B$H$$$&9T$r=q$-9~$`$N$O!"(B
open("<kernel> /usr/local/bin/mycommand", O_CREAT | O_RDWR, 0666) $B$KAjEv(B
$B>e$G%*!<%W%s$7!"4{$KB8:_$9$k>l9g$K$O$=$N%U%!%$%k$r%*!<%W%s$7$^$9!#%I%a%$%s$K(B
$B>l9g$K$O$=$N%I%a%$%s$rA*Br$7$^$9!#(B
select <kernel> /usr/local/bin/mycommand $B$H$$$&9T$r=q$-9~$`$N$O!"(B
open("<kernel> /usr/local/bin/mycommand", O_RDWR) $B$KAjEv$7$^$9!#(B
open() $B$K(B O_CREAT $B$rEO$5$J$$>l9g!"$=$N%U%!%$%k$,B8:_$7$J$1$l$P%*!<%W%s(B
$B$5$l$^$;$s!#%I%a%$%s$K$D$$$F$bF1MM$G!"$=$N%I%a%$%s$,B8:_$7$J$1$l$PA*Br(B
$B$5$l$^$;$s!#(B
delete <kernel> /usr/local/bin/mycommand $B$H$$$&9T$r=q$-9~$`$N$O!"(B
unlink("<kernel> /usr/local/bin/mycommand") $B$KAjEv$7$^$9!#$=$N%U%!%$%k$,(B
$BB8:_$7$F$$$l$P:o=|$5$l$^$9$7!"B8:_$7$J$1$l$P:o=|$5$l$^$;$s!#%U%!%$%k$,:o=|(B
$B$5$l$kA0$KMxMQ$r3+;O$7$?%W%m%;%9$O!"$=$N%U%!%$%k$NMxMQ$r=*N;$9$k!J%U%!%$%k$r(B
$BJD$8$k!K$^$G$O!"%U%!%$%k$,:o=|$5$l$?8e$G$b7QB3$7$FMxMQ$9$k$3$H$,$G$-$^$9!#(B
$B%I%a%$%s$K$D$$$F$bF1MM$G!"$=$N%I%a%$%s$,B8:_$7$F$$$l$P:o=|$5$l$^$9$7!"B8:_(B
$B$7$J$1$l$P:o=|$5$l$^$;$s!#%I%a%$%s$,:o=|$5$l$kA0$K$=$N%I%a%$%s$KE~C#$7$?(B
$B%W%m%;%9$O!"$=$N%I%a%$%s$+$i5n$k!J%W%m%;%9$,=*N;$9$k$+B>$N%I%a%$%s$XA+0\$9$k!K(B
$B$^$G$O!"%I%a%$%s$,:o=|$5$l$?8e$G$b7QB3$7$FMxMQ$9$k$3$H$,$G$-$^$9!#(B
unlink("<kernel> /usr/local/bin/mycommand") $B$KB3$1$F(B
open("<kernel> /usr/local/bin/mycommand", O_CREAT | O_RDWR, 0666) $B$r9T$C$?(B
$B>l9g!"(B unlink() $B$5$l$kA0$K(B open() $B$5$l$?%U%!%$%k$rMxMQ$7$F$$$k%W%m%;%9(B
$B!J(B pid $B$,(B 100 $B$H2>Dj$7$^$9!K$H!"(B unlink() $B$5$l$?8e$K(B open() $B$5$l$?%U%!%$%k$r(B
$BMxMQ$7$F$$$k%W%m%;%9!J(B pid $B$,(B 200 $B$H2>Dj$7$^$9!K$H$G$O!"%U%!%$%kL>$OF1$8$G$b(B
$B0[$J$k%U%!%$%k$rMxMQ$7$F$$$k$3$H$K$J$j$^$9!#$3$N$h$&$J>l9g$K(B pid $B$,(B 100 $B$N(B
$B%W%m%;%9$,MxMQ$7$F$$$k%U%!%$%k$KE~C#$9$k$?$a$K$O!"(B
open("<kernel> /usr/local/bin/mycommand", O_CREAT | O_RDWR, 0666) $B$NBe$o$j$K(B
open("/proc/100/fd/$B?t;z(B", O_RDWR, 0666) $B$N$h$&$K<B9T$7$^$9!#(B
$B%I%a%$%s$K$D$$$F$bF1MM$G!"(B
delete <kernel> /usr/local/bin/mycommand $B$H$$$&9T$r=q$-9~$`A0$K(B
<kernel> /usr/local/bin/mycommand $B%I%a%$%s$KE~C#$7$?%W%m%;%9!J(B pid $B$,(B 300 $B$H(B
$B2>Dj$7$^$9!K$N%]%j%7!<$KE~C#$7$?$$>l9g!"(B
select <kernel> /usr/local/bin/mycommand $B$NBe$o$j$K(B select pid=300 $B$N$h$&$K(B
$B<B9T$7$^$9!#(B
TOMOYO $B%+!<%M%k$K$*$1$k%"%/%;%95v2D$NDI2C$d:o=|$O!":9J,;XDj$K$h$j9T$$$^$9!#(B
$B%U%!%$%k$rJT=8$9$k:]$K$O$^$:(B open() $B$G%U%!%$%k$r%*!<%W%s$9$k$N$HF1MM$K!"(B
$B%I%a%$%s$N%"%/%;%95v2D$rJT=8$9$k$K$O$^$:(B
<kernel> /usr/local/bin/mycommand $B$d(B
select <kernel> /usr/local/bin/mycommand $B$H$$$&9T$r=q$-9~$s$G$=$N%I%a%$%s$r(B
$BA*Br$7$^$9!#$=$N8e!"$=$N%I%a%$%s$KBP$7$F%(%s%H%j$NDI2C$d:o=|$r9T$$$^$9!#(B
$B$=$N:]!"4{$KB8:_$9$k%(%s%H%j$HF1$8$b$N$rDI2C$7$h$&$H$7$F$bDI2C$5$l$^$;$s!#(B
$B$^$?!"B8:_$7$J$$%(%s%H%j$r:o=|$7$h$&$H$7$F$b:o=|$5$l$^$;$s!#(B
$B4{$KB8:_$7$F$$$?$j!"4{$K:o=|$5$l$F$$$?>l9g$G$b!"%(%i!<$K$O$J$j$^$;$s$N$G!"(B
$BAa4V5AGn(B $B$5$s$O=q$-$^$7$?!'(B

tomoyo-sortpolicy $B$d(B tomoyo-editpolicy $B$OA0=R$N%+!<%M%k$,9T$&F0:n$r??;w(B
$B$7$^$9!#$=$N$?$a!"(B <kernel> /usr/local/bin/mycommand $B$H$$$&9T$,J#?t2sEP>l$7$?(B
$B>l9g!"#18D$K%^!<%8$7$^$9!#(B

$B$O$$!#(B
$B$=$N$h$&$J5!G=$O(B tomoyo-sortpolicy $B$K$O$"$j$^$;$s!#!J!0#x!0!((B

$B$3$3$K(B file read /var/tmp/mycommand.tmp $B$,H4$1$F$$$^$;$s$+!)(B

_______________________________________________
tomoyo-users mailing list
http://lists.sourceforge.jp/mailman/listinfo/tomoyo-users