Bug 529830 - SELinux failed to limit the authority of execute of user_u
Summary: SELinux failed to limit the authority of execute of user_u
Keywords:
Status: CLOSED NOTABUG
Alias: None
Product: Fedora
Classification: Fedora
Component: selinux-policy
Version: rawhide
Hardware: All
OS: Linux
low
medium
Target Milestone: ---
Assignee: Daniel Walsh
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2009-10-20 10:41 UTC by jbao
Modified: 2009-10-20 21:28 UTC (History)
2 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2009-10-20 21:28:36 UTC
Type: ---
Embargoed:

Attachments (Terms of Use)

Description jbao 2009-10-20 10:41:57 UTC 
Description of problem:
In the homedir of user_u,it can execute the executable file. However,it should not have the permission to do it.

Version-Release number of selected component (if applicable):
selinux-policy-3.6.32-27.fc12.noarch
2.6.31.1-56.fc12.x86_64


How reproducible:


Steps to Reproduce:
follow the test case of user_u in the test day 
https://fedoraproject.org/wiki/Test_Day:2009-10-20#staff_u 

1.
service auditd restart
service messagebus start
service restorecond restart
setenforce 1

2.useradd -Z user_u USERNAME
3.cp an executable file to the homedir of USERNAME.
eg. some .sh file

4.log into the USERNAME
5.execute the executable file
  
Actual results:
succeeded in executing it.

Expected results:
failed to execute it for the permission denied.

Additional info:
Comment 1 Daniel Walsh 2009-10-20 12:27:57 UTC 
Was the boolean allow_user_exec_content turned on?

setsebool -P allow_user_exec_content 0

Should preven the execution.  Should have had this in the test plan.
Note You need to log in before you can comment on or make changes to this bug.