Autostart and MAC security
Mike Hearn
mike at plan99.net
Mon Feb 27 21:42:47 EET 2006
On Mon, 2006-02-27 at 20:03 +0100, Francois Gouget wrote:
> So your plan is to have ~/.config/autostart be locked down such that all
> of the following commands fail?
>
> cp foo.desktop ~/.config/autostart
> cat foo.desktop >~/.config/autostart/foo.desktop
> rm ~/.config/autostart/foo.desktop
> rm -rf ~/.config
Not necessarily. Security contexts change on exec according to
pre-defined rules.
So, you can say "+rwx to ~/.config/autostart in unconfined context" and
also "-rwx to ~/.config/autostart in desktop-application context".
Because you can control domain transitions, this is OK because bash can
transition to desktop-application (which has fewer privs) when you type
"gimp" but programs in the desktop-application context cannot launch an
unconfined shell themselves.
> Frankly I would not want to use a system where standard commands such as
> cp, rm and cat are crippled in such a way. Though if the shell gives me
> a way to locally turn this feature off for all child processes it may be ok.
It doesn't even have to be a shell feature. It can be done
automatically, because the security system knows the difference between
"write to ~/.config/autostart/foo.desktop" from AmazingApp 2002 and
"write to ~/.config/autostart/foo.desktop" from a shell launched from
your window manager.
> Anyway, if going through a register-autostart tool is to be made
> mandatory, it should at least provide the following functionality:
> * add an entry
> Example: register-autostart --add foo.desktop
> * remove an entry
> Example: register-autostart --del foo.desktop
Yep.
> * get a list of the entries and return their full path so an
> application can read them
> Example: register-autostart --list
> /home/user/.config/autostart/foo.desktop
> /home/user/.config/autostart/bar.desktop
What's the use case for a standard desktop application reading the
auto-start list? For special cases like Wine it can preserve its own
list of autostart items it registered.
I don't think it'd hurt but it's best to be conservative with
privileges.
thanks -mike
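The rule set Mike describes (unconfined shell keeps +rwx on ~/.config/autostart, the desktop-application context gets -rwx, and exec of a desktop app transitions a process into the confined context while a confined process can never transition back) can be modelled as a small reference monitor. The following is an added example written for this archive page, not code from the xdg thread or from any real MAC implementation such as SELinux; the context names, the set of binaries treated as "desktop applications" and the transition table are constructed assumptions chosen to match the message.

```python
"""Toy model of exec-time domain transitions for ~/.config/autostart.

Constructed example (not the xdg project's code). It encodes the policy
described in the thread:
  - "unconfined" context: read/write/exec on ~/.config/autostart
  - "desktop-application" context: no access to ~/.config/autostart
  - exec from unconfined into a desktop app enters desktop-application
  - nothing launched from desktop-application ever returns to unconfined
"""
from dataclasses import dataclass, field

UNCONFINED = "unconfined"                # assumed context name
DESKTOP_APP = "desktop-application"      # assumed context name
AUTOSTART = "~/.config/autostart"

# Assumed labels: which executables count as desktop applications / shells.
DESKTOP_APP_BINARIES = {"gimp", "amazingapp"}
SHELLS = {"bash", "sh"}

# Transition table: (caller context, executable class) -> context after exec.
# Anything not listed keeps the caller's context (e.g. cp, cat, rm).
TRANSITIONS = {
    (UNCONFINED, "desktop_app"): DESKTOP_APP,
    (UNCONFINED, "shell"): UNCONFINED,
    (DESKTOP_APP, "desktop_app"): DESKTOP_APP,
    (DESKTOP_APP, "shell"): DESKTOP_APP,   # confined app spawning bash stays confined
}

# Operations each context may perform under ~/.config/autostart.
PERMISSIONS = {
    UNCONFINED: {"read", "write", "exec"},   # "+rwx" for the unconfined shell
    DESKTOP_APP: set(),                      # "-rwx" for desktop applications
}


@dataclass
class Process:
    name: str
    context: str
    lineage: list = field(default_factory=list)   # names of ancestor processes


def classify(binary):
    """Map an executable name to the class used by the transition table."""
    if binary in DESKTOP_APP_BINARIES:
        return "desktop_app"
    if binary in SHELLS:
        return "shell"
    return "other"


def exec_process(parent, binary):
    """Model exec(): the child's context follows the transition rules, never
    the child's own wishes, so a confined app cannot pick 'unconfined'."""
    new_ctx = TRANSITIONS.get((parent.context, classify(binary)), parent.context)
    return Process(binary, new_ctx, parent.lineage + [parent.name])


def check_access(proc, path, op):
    """Reference-monitor decision for one file operation (True = allowed)."""
    if path == AUTOSTART or path.startswith(AUTOSTART + "/"):
        return op in PERMISSIONS.get(proc.context, set())
    return True   # paths outside the autostart dir are out of scope here


def scenario():
    """Replay the thread's examples and return each access decision."""
    entry = AUTOSTART + "/foo.desktop"
    wm_shell = Process("bash", UNCONFINED)        # shell started by the window manager
    cp = exec_process(wm_shell, "cp")             # 'cp foo.desktop ~/.config/autostart'
    gimp = exec_process(wm_shell, "gimp")         # typing "gimp" transitions to confined
    nested = exec_process(gimp, "bash")           # gimp launches a shell: still confined
    return {
        "cp_from_shell_writes": check_access(cp, entry, "write"),
        "rm_from_shell_deletes": check_access(exec_process(wm_shell, "rm"), entry, "write"),
        "gimp_context": gimp.context,
        "gimp_writes": check_access(gimp, entry, "write"),
        "nested_shell_context": nested.context,
        "nested_shell_writes": check_access(nested, entry, "write"),
    }


if __name__ == "__main__":
    for key, value in scenario().items():
        print(f"{key}: {value}")
```

The point the model makes explicit is that the decision hinges on the process's context, not on which binary performs the write: `cp`, `cat` and `rm` run from the unconfined shell succeed, the same calls from `gimp` (or from a shell `gimp` spawned) fail, and no entry in the transition table leads from the confined context back to the unconfined one.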