fedora-selinux August 2010 archive
Main Archive Page > Month Archives  > fedora-selinux archives
fedora-selinux: Re: [sandbox] uid 0 <- Xorg <- Xephyr <

Re: [sandbox] uid 0 <- Xorg <- Xephyr <- $program <- $exploit

From: Christoph A. <casmls_at_nospam>
Date: Tue Aug 24 2010 - 00:03:17 GMT
To: selinux@lists.fedoraproject.org

On 08/19/2010 05:47 PM, Stephen Smalley wrote:
> It prevents the client application from directly communicating with the
> top-level Xorg server. In the case of the bug you cited, they have to
> first escalate access and gain code execution within Xephyr before they
> can mount the attack on the top-level Xorg server, rather than being
> able to directly attack the top-level Xorg server from the client app.

I see. I thought Xephyr and the sandboxed program run within the same
domain, but looking at the process table made it clear.

The logical next question would be: How confined is xserver_t actually? ;)

> Curious as to whether they in fact wrote a successful exploit that did
> that, or just pointed out that it is theoretically possible.

I was also curious and asked on their blog, but didn't get a response.

thanks for your explanations,
Christoph

-- selinux mailing list selinux@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/selinux